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a Mraleglc concept. The v.nrliis )',iuu m; ; i 11 lei ice mi .1 pui\t-rful but Villi lerable 
Internet combined with il«- disi u|jii-»v < iipahi lines < >ln-i ai lackers now threat- 
ens n-iiiiiiiiil .niil international security. 

Strategic ctuilleriaen reijiiit.- slraiegii miIuIihus [ lie Hiilhi.it ermines four nallon- 
slali- 1|1|Uiihi In'', in rvl. Till 1111 k 111 il 1y.1l Inn. 

■ Internet Protocol version 6 (IPv6] 



The four threat mitigation « ninnies hill iron several rniecnncs. IPv6 Is a technical 
solutlnn. An al" War is niiliiar\- The third and fourth strategics arc hybrid; deter- 
rence ts a mis urniiliuii and ijulilii .1] iiin-,idi'ijlniiis: arms control Is a political/ 
technical approach. 

The Decision Making Trial and Evaluation Laboratory IDEMATEL) Is used lo place 
the key research concepts Inlo an Influence matrix. DEMATEL analysis demon- 

ntiptme ii tun urn's cvlieideleiise posture. 

There ate tuo prlitiary rcasims why IPvi'i Mures im.-II hi ilus lesearch. First, as a 
technology, IPv6" is more resistant to oulside Influence than ihe other proposed 

reliable Investment. Seiutid. IP'. H addresses llieuinsl si^nilir.iiil advantage nf cyber 
attackers today - anonymity. 
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[. INTRODUCTION 



1. CYBER SECURITY AND NATIONAL SECURITY 



Cylier security hastiulikK r'vrilvi'rj li e .111 .i if-. hnitaltli'.i ipline to a strategic concept. 
niiilHli/iiliiin iiiiil lEii' liil.'im-l hai- j'.i-eii individuals .ii|vnii.Mlii .mil Millions 
Incredlbk' new power. bused on i oii-lioiK dcvrl(i[iing unwinking technology Fur 
everyone- students sulrlir-rs, spi.s. pnip.ig.uiillsis linkers, and Ipnorlsls - Infor- 
mal !■ ill galhetlng. i i mi i MM i ih - II' turn! raising. .Mill | ml ill' relations tlhive been 

illglli/.ed mill revolutionized 

As a consequenre. :ill |< ihiu .il -md mi'ii.n ■. fh: i> m.i.i have a cyber dimension. 

tile size and Irapaii cifwhirh are diilictill hi pi edict, and Nie bailies fought 1 n cyher- 
spacccqn be nmre iinpurlani I ban cents I.iklie; place on die gruund. As with ter- 
rorism, hackers have biuml 1111™ in pun- nmii.i hvpe. As ivilh Weapons of Mass 
Destruction (WM1J), ii is difficult 10 n-i:ilisi fliiinsi :in wnmwiic alliick. 

The astonishing athlovemenls of rvhor espionage serve in demonstrate the high 
renirn on Investment in lie louii'l in .'imp.11 it bar I. 11.'?, I lie Marl npcost is low. and 
traditional tonus ill vspion.lL;:. :.t:ch ,c. human ui" el licence, arc moil? dangerous. 
Computer luekliiL! Mi IT. 1 1 s- 11 area and 'Jim I. |jm. ill -l:i:.j and access 10 sensitive 
communications. NaIion.il leader;. ,vho In ([iienlK address i vber espionage 011 LI10 
norH stage, are worried. 1 

The use and abuse o I cometm is. ill] I abases. ;in:l I lie nele.i irks that connect them 10 
achieve military objectives was known in theearlv UiKOi In The Soviet Union as the 
Military Technological Kcoluliou IMTK). Alter Ihe IWl Golf War. the Pentagons 
Revolution in Milituiv Allans "as nhnusl ,i household lei 111. A ivbcr attack is tut 
an cud ill Itself hut j jiownlul means In a wide \uiictv ufondi. fium propaganda 
to espionage, fitim denial ui senile to the ilcsliiicliiiii oi l lilical infrastructure. The 
nature of a national .secin M\ lineal Ii. is in il ( hanged. Inn llie Internet has provided a 
new delivery merhaiiisui I hill c.111 inn ens. ' the spi-ed. scale, and power of an attack. 

Far EaM. prove llial the ul m [inn. .11 id uiliici..t>iiln nf In hiicrnui have tangible po- 
llilenl nnr] nillliarv i-uiufii .iIliiiis As ihe hiicni'i bi.iniLrs in; ur pnwnTul and as nor 
dependence, upon il groe/s < vl» 1 ail.u l.s mav miIh fi.un a < inollary Df real-world 




ladun's borders and its iiisliiution:.. In LJOL I . inilitnt' invasion and lemirist attack 
tuiin the most certain ivn' tu diicaa.n tile siein n\ i t an ml'.ersarv. However, as 
rery thing from elections to electricity. 



• ii' 1 "iii:|..ui.'ii/i i: .mi i .1 i i ■ i ! ' 1 1 1 1 1 1 ■ i 1 1 i' ■ ] 1 1' ■ l . Nil M'111 il ^ iiiami 

1 1. hi in ■..imi v abonl i • bcr attacks. 

It is a fact that large, complex infias 



bi-rrralivi' in>(j|iN'. in id lhvy aiealik' to r\|)loil siirlnninpt-.ity Id lincl waysto read 
tlidi'k-. ,i in I -'rji- inn Illy Inliii iiMllnii will ]iiopi-r authorization. 

Ill n- |>aradm of l hi' iybi-i ballMii-lil h l In; I mill Inland small [ilayci-. haw- advan- 
tages. Nations robust In IT exploit -.open imputing pimi-i aial baiiiluiilllr -.mall 

ronnliies and iwi: In:.- Iiai kers i-\p!i,ii III'- [iid\lni; jii.-.n i.f 1 ;i. ■ Inleiin'l I i 

-na: k ,i shonei-i mmeiilional II I-. fiirdi.'i more Intel ni'l-di-pvmlenl mil ions an' a 
tempting target llerausv I hey ban- mi ire Id kisv when I hp network goes diiwil. 

In t-vhn»|- iDollirl. 1 1 it- leneslnal ilisianev helm-en adversaries (an tie irrelevant 

1 1" ,11 IW il. -HI i IB - I- .1 ll:'V. dODI llriallllDl IO - -.If.-l^ ii(e. Ilailll'.aie 1 1 V,il I.-. .1 1 III 

bandwidth form Hit' laii(lsia|!e not inonnlains. valleys, or waterways. The most 
|i;>v.vrfiil I'.eapnnsare mil based on streiij;lb. bnl loj'.ii am I innovation. 

ll is also ti nr dial rvbei allaeks air roost rami d hy (In- luin It il Irrraliiofi \ I in spaer. 
Tliere arr many skr|iO( s of cyber uaifare. Ilaslially I arm a I viilnries imionnt lo a 
successful reshuffling of the tilts - the onesand zeros - Inside a computer. Then the 
at Nn lev mn.l v.alt lo see il am I Dim; happens 11: I l ie iv.il v:i;y[d. Tlicn- is no ;mai 
amee of sin loss. t."elv,oik iri oiilljim.inon so:i e. . 1 1 1 ■ npd;;les. and limn. in d ■■ :smii 
making < bailee cyhei lerrain v. Itlu.nl .vaniinj; anil oven a well planned allm k 'an 
fall hat. 1 

In fact, the dynamic nalure of the Internet offers benefits lo both an attacker and a 
d--|. -in:' ■! Mi a' ■ vli.r i.inlis ■'.■ill he 'a::ii hv I an side Mini uses cm nr.,; id;;,- nib 
11 : d : I -_M I ■ ■-. 1 1 * - ■ I r I -T : -I i 1 . 1 M 1 r I -. ■ \ldli :i mil I'll , Kill' 'il:!' lla- 111: :m r :i;;i"- Il ' -II 1 k: ■ :nl. I 



■ if neiv/uvk 1'd 1 1 ii' I"' ii' '.' and survivability.' 

In 2011. an attacker's most : i v,|nji t.iv,i advamatj: remains ;i decree, of anonymity. 
Smart hackers hide widen lis- inic:uaii-.aial. ma a- likr aauirecuire of the Internet. 
They route attack* ihniuph riamtiies ■.■.:;!] which .1 v Lr tim's j-DWrmnent lias poor 
diplomatic relations or no lav. eidiaLeinenl : u;;pi union. In tlieory. even a major 
^nntilr: ■ ..elr: <-.. [i.ivJhl acain'a ir -.u"l nov. n nlve:w.". 

tllf Internet is a: I L : i ri.r.n ::a. .i.lil'.. :i:i I rii'.diclie:: cud; cverv time a telecom 
miititcaiions tolib crns-es a border. In ih' cave ''i a stare sponsored cyber attack. 

The annnvmily nr 'an Maul ion prabl.'ia is '.er.ou.'. .anaije, Ili.n il inrrcascs the otitis 
IliaE rlamafjiiif; cyber atlarks in. national t ri I it ji I uih-Lstrurlures will take- place in 
tin. 1 absence ol any tiutkuoiul a 'a! vaekl van lanif - la: 1:1;; utiles of nominal peace. 

higher-paying positions elsewhere 

As a consequence, at the technical level. It can be difficult even knowing whether 
one Is under cyber att a' I. .'.1 1 !■■ | :ihu a I I "In- uiiai.p.[i:le tuuiiro ol cvberspace 

.-.111 rlia!'. ■ llle . ;il. Ill 'I. ill .11 ' L : " r 1 : r--- i: ;l lid ball !| .la ir.a;;f ;, l.l'Jilv -liheeiiv. 

undertaking. Ami with cyber kr.v Ihtac is slid mil emmpji inpertise 10 keep pace 



finally, cyber defense suffers from the fact that there Is little moral inhibition 10 
computer hacking, whu h nines pnniarib < i!u- us.- anil abuse of computer cotio. 
So far. Ihere Is little perceived human suffering 

All tilings considered tin- i 111 rem balance orevbet power favors r lie at lacker. This 
stands lii contrast lo our hisi.im a I uudeisti-nidine. 1 il w at hue. 111 which the defender 
has tradltJonaUy enjoyed a home field advantage. 

Therefore, many government, mav loucluile 1I1.11. fa Ihe foreseeable future, the 

best r\ lu -r defense is a am. I .ilfelise la I si. uliel allai U 5 lie required lo defend 

the homeland: second. I hey aie a powerful and soiuHiiues deniable way lo prtljeel 
national power. 



Can a cyber attack pose a serums Illicit lu uaiiiiiia! ,mi: itv'.' Decision makers arc- 
still unsure. Casesludiesaie lev, in niiinbei. iiiik Ii iiil'M malum lies Hillside tile pub- 
lic domain, there have been lie wars bel ween two I'uM-class mi II I il MPs ill the Inter- 
net era, and most organi /miens arc sell unsure ahem ilic Male of their own cyher 

Conducting an "ininrwalinii opcialiim" ni' snaie;;i( signilirance is not easy, bin 
neither is It Impossible, riming World War II ihe Allies took advantage ofliav I ng 
broken the Enigma cipher 10 led talse uildrnniMn 10 Ailnlf flitter, signaling that 
111.. 1 II !>.;• nr.'jSK. n I J il-.I .1 ■ i J.''. I : el.es i-.:ul [■■.in,. ml-.. At.:- 

,\llied forces r.riliail Mm - Ii. esnhhsli ,■ I ;.il hi. 1,1 ;in ihe emilinent and change the 
course of history.' 

What military officers call the "battlespace" grows more difficult to define - and 
to defend - overtime. Advances ill lechnoloie- .ire norma lh evolutionary, hut Ihey 
c.in he revolutionary artillery reached over the from iln, -, el' haute roi kels and 
airplanes cmssed nalinnal biuiniluucri: nulav cvhn mtarkscau largel political lead- 
ership, military sysiems. anil miTHti /eiisnuuiheie in I lie world, during peace- 
lime or war. with Ihe added henelil ol al lacker anonyinily. 

Narrowly defined, the Internet is just a collection ol nenvoikcd computers. But the 
importance of "cyberspace" as a ronccpi i>mws ever.- da>. Ihe perceived threat is 
such Illlll Ihe new U.S. O.hi-i Cniiiiuand has ill ...h:!,! I i i la-is|iai r I, die a ii -v. dim lain 
of warfare, 1 and the top dure primal ics at Ihe U.S. l-edeial Unreal] of Invest iga I ion 




sistcnr re-attack' was a h'. avs nee ess a rv. Nonetheless. Ibe report lei'lru doubt about 




Cyber attacks art unlii.il-. m hint' the leihahli ■.;[ a ■.iLili'^ic bomber, at leas! for 
the fure.seeable fulure Bui Hi III.' ml. I lie am™ i>f nuliliiry operations is effects 
hased. If hulh a ballistic missile .mil ri cninpulcr worm can destroy nr disobfe a 



and that the source ol ilie attacks is siill iiiil.iiuv.n. ■ K'alioiial security planners 
should consider thai eleclricit', has n:i subMilutc. and all m I lei infra strut lures, in 
cludinj; coiiii liner networks, depend on it" 

In 2010, the Stuxnct computer ivoim mav have jtcompliihcd what live years of 
United Nations Security Council resolutions could nut: disrupt Iran's pursuit of a 

air strikes by the Israeli Air Force. Moreover, Stuxnet may have been more effective 
than a convent iona I milium ,il lack and ma\ lime avoided .1 major international ch 
Msui't-ruilkiUTaldaina;;! . Id seme di'inve III.' vuhieiabililv of [he Internet to such 
spe-. tainl.iiallai k-.«ill provide a sin li'inplaliori for nalion stales to take advan- 
tage of cnmpiiler liackiup.'s peneived h^hn inn n-i lives! mem before it gnes away. 

If cyber atlacks play a Ic.nl role in fuiine wars, ami die figlil is largely over o* ner- 
shlpoflTlnfrasliTiclurc. It is possible dial inieiuatiuiial < <niflii Is will be shorter and 
cost fewer lives. A cyhci-diik vIi-imv < mild faciluain ptM-war diplomacy, economic 
recovery, and reconolii.il, n Sunh a wai ..Mutld please hNnry's most famous mili- 
tary strategist. Sun T'u. h i m:^u." I i lini i in !»-<-i k'udcis .an attain victory hefore 

It may be unlikely. kme\cr. ili.it an cample I1K1- Sluxuet v,ill occur frequently. Mutl- 
crn crilical infrastructures present complex, diverse, and distributed targets. Tirey 




the start of an attack, and tictiirali/c It licihre ii hccmni-s a serious throat. In short, 
computer vulnerabilities should nut In- ( ontuv. i: a ill] ■. uhiei arjilitie-s in ivliolc infra 

structures. 17 

t\bcr attacks ma' i i:.i- t" t:]'/ .1 I 'ji j. national :cu: :t h . taivut otilv when anadver 

Il.v: ir.'i".r.. rl sip.:l:IV".llll ;.T... :]-- .ir I II ■ .l"i I . It;i!" i.ll.i .1 I II tiv.' .Ill I II 

timed strike on a critic 1 1 ir'.lr.Taincturi- tarcct surh a . an i-krtncal e.nd. financial 
system, air traffic control, etc. 

Air dc'lcusc ls iiri r.-iatiii.l-.- ol !:■:.!■ m - lilt ;ila ■ ■:U»\''u l v: ii'i- in national secuiiU 
and inteLiiational toiations It n:av ulsc rcpto'cnt a ::ai a'.ukir evber vulnerability 




I I I priws-. I i, ■.:i::|ii:i-il,- i! iii.lin'i l.n :: '■ h f inililia- a".. 

As a consequence, tltr-v in-iv '.nil :vk. \ i- tint ilv Ihi.tii.'I poses more of a danger 
than an opportunity. 

ki;i.';i-v ev;i mi i lulu ii I :.l ' . 1 1 1 1 li I -. ■ r I h.itii ill i'.v. pia'.^s tli.i: In n:n-l'. Ii.iw st.i.lii'd 
( ■ iiiiiinl. r harking an: I Western (■: I "UKiiic. a:v a hi'jra: I : l I ■ ■ ■ ■ I . R>r example, leu 
Sinn in the Middle Kasl is turn alv.uvs accompanied bv t:vl>er attacks. During the 
ZOOS vat between Israel anil Ca/a. pm Palestinian hackers successfully denied ser- 
vice to around 700 Israeli Internet domains." 

t'.ut a lone; term, coalman Mi: rat lnan i • >t r ■ ■ i n>n-ls nia'." be tllaulcal. lu a ^kiliitl 
i/erl, 1 nte rein lifted '.n.ild .1 coapeiaiivr ii.iMmii -lair '.vi.nkl only seem to he hurt- 
ing itself, and a terrorist <;iou|> mav i ra\i' a ]ii;;]icr Lcic-I of shock and ntcdla attcn- 




national and organizational levrh. a good starting pon 
meniJndurfmKeibjeciiw threat evaluation and careful 
]^ uul perU'Lliuu. but Ibe jpphrjttoti id due ddigL'jKe l 



' Ml df-jKTlJvJll OIL illflll J. Ill 1.-. [ill. ll.lgV 1 

• Is it connected to the Internet? 

' Would il. 1 . !ov. ■■ ;iiM]luli- ;] ]i]li^rialvi'.:ru\ III 
■ Can we secure it or. tailing that, lake it oiMine' 
Objectivity Is key. Cyber attacks receive enormous ra 



I Imvcver. because cyber sucui itv has evolved bum <i teelmkal discipline toa strate- 

level, world leaders musl look lieyiirul the larliral arena. I he? [|uest for strategic 
■ ■. 1 : ■ 11: :l. -.iv. .1.' 1 n.ir .. 1 1.: 1 m >! 1 1 1 .1 Lie 1. ruue:. ■ u nation state. 

Therefore, the goal oi tin'. i\" '.;;hc h ri I:: :"volii.iti' n.non -.lit.' .vber attack mitiga 
tion strategics. To supporl ilr; e-<f.imenl;i end conclusion;;, the author employs the 
Decision Making Trial and [-.valuation Laboratory (DEMMEU. 




The Nature ami Scope of this Book 



Today, world leaders ksn th.it a ki rerun ism .iri.l ■ '.Ia i Harlan? pose a new and 
perhaps stirinris ihrrat tr. rniitiinl seniruy the Inifmoi is a powerful resource, 
modern society is in'.Ti-j.iii'j!'. J.ia ilJ. :il ui.-.m ■■. and i' Ij.t air ankers have demon 

political and military purposed. 

There Is a dear need lor narinnal senility planners in prepare c.yher defenses al 
lnilh rlii- N;i lii-.il .anil s1ral,.|i|r l--H'ls. Tin' lyml <J' Hi Is [I'sisihIi is In help deiisiiiri 

makers Willi the toiler - inchraiw ihe must rlTn If iinscs .iCarnim lt> lak-cal Ihe 

sltamelr level in nider li . di*nd iheii ualmm! iiiieivsts in cyberspace. 

Beyond Its Introdurlion and (V.nrliisirni Km- Imok has ilnir primary pans. First. II 
eKplines lliecharii;lris natai.. i'l .-■ In i senir:r.. i:a>.inc; irs evolution from a technical 
discipline to a straireie .:nd. 11 e'aiuaA-: r>'n: ti|jpi jjlI:ls :o iiiiprovirip, 

the cyber security posture n( n nation stale Inlemel Prolncnl verslun G (IPvG). 
the application of San Tzus An of Ittir to cyber confUcL cyber attack deterrence, 
arid cyber arms conlrol. Third, it emplovs lp.e ["Vrisinn Making Trial and Evaluation 
Labuntlory IDEM ATE L) lo analyze Ihe key concept* cuvered and tu prlorltlie Ihe 
four cyber securliy si rrtiegies. 

control - Tall lull) several L.ik'jsini's. IPvijls a Icdiniiiil solution. Arl of War{* mili- 
tary. The third and t'onrlh si rslf ri^s are hvlintr. deirricntT. it. a nils of military and 
p~.hiLeal ronsiel.-.r.vion^: ami:. : eniril e. a pnlitl.al " rhriiril approach. 

Iheie are sipniht jiir L 1 1 l ll : l^i i . _-_ !i> this :i l..j:lIi. .vLli spjLe is complex, dviiaiiilc. 
and constantly cvoK i i i s . Matioital sei.unn planning involves a wide array of fallible 

/xl nf dlnVient rial ions. These complexi- 
■arrh lo an hillial pulley evaluation lhal 

primarily of peer reviewed sripntlrtc 111 
Dt events such as the 2010 Cuaperatlve 
Cyber Defence Centre ulLXL-ellf i:te. Siu-dish Mammal Detente l oil egeevber defense 

autltor.^ whose personal ex pern inca^a 'A hei y 11111 .liialvst spans over a decade. 




'llic validation ol tlii:, iivmacih mis pcvi uvimv. m '.vlncli every cliapter lias 

III ■: 1 "I Subjected. Ir i IK ;:|l]| :OJI "•■.•;| aiti' Ii - l lir. ii I i ^.l.l^njc cvlCT security 

eleven written solely by ili<: nut hot. \i\ jiI which .w HmciI in t he Thomson Reuters 
1S1 Wlo ufKmrnlcdpr. 

ITic author is ideally pktt cil 10 conduit LiLiv, research. L,inn.' L!UU7.1]C has been a Sri 
enust at the North Ailamic licit 1 , LJi .i^j: IVilfJI Luoperauve Cyber Defence 
Centre of Excellence in Tallinn, hstonia. 1 Previously, he was the Division Chie! for 
Cyber Analysis al ihe Naval Criminal ]nvcMinati\e Service («1S in Washington. 
DC. 

Research Oiilliiie 

This took seeks to help nalicn slates mltlRatc strategic level cyber attacks. It has 
Ave parti. 

1. Intrtlducnun: '. h , Ui'V y-uiil\ and ,'ljnunal Siiurm 

II BMh of a CuncepL Strategic Cyber Security 

III Nation 51 ale Cyber All.u k Miueaiioii Strategies 

IV. Data Analysis and Research Results 

V. Conclusion: Research Contri buttons 

Pan 11 explores Hie n-pir i>f MraieKic' i vln-i st-i uriiv. moving beyond lis lacli- 

i I leihnital ,i.|in h Mil lias In.w in nilii]ii:i' ii liii-w.ill mi men ii Ii .i ,hl h ill union 
delettkin swem - In il.'d ml my i In ■ ■ vh.-rs|i.i. .• - .| ,i n.iiinii -i.iii- Ii |ii<m,1,.s Ii. 
Ii iniKl.il Ii ill iirnlialliiiwli- lui p.,ns 111 .mil IV., mil has I hire chapters. 

2. Cyber Security: A Short History 

3. Cyber Security: A Technical Primer 
•I Cjber Security: Real World Impact 

Part III orihis book ask. 1 ; lour re.ie:r( Ii qn.-stion:;. which hiyhliRlil Tour likely slra 
le^ic appi Gaelics Ihal i ill. |. ifi'i \'. ill a:l :|.[ lc i!::tie.itf 1 ]:■_■ c\ her altack Threat and to 
improve thoic iiation.il ober security posture. 

5. The Next feneration Internet: can Internet Protocol version 6 (IPv6) Increase 




7. Cyl)craltacfc(l.'li-m'i)[ [>; is 11 possible 10 [iivvrnl cyber al lacks? 

S. Cyber a rms cm imil: ranv.c limn r\bei weapons? 
Part IV employs [he Decision Making Trial and Evaluation Laboratory (DEMATcL) 
Tj anal'. ::. ".llM:;'. ; i.ili i ;ia. v. '.:.::.. 111 Mil . ■ :.:;.:::: Ti ■ 1 II.' 1:111: |Ji'.'|i i^ud 

rvijcr ntlnck mlllanri'iii Mr.ili' ;-r- ; ;ic:clrr- : i^i -d ir. I V:, 1 1:1. Il:, :;nnl Is 10 help derision 
ma ken choose Ihemosl ( f I idem w:v>;; loaodir^ Ill- cli,illr[i«c of improving cyhcr 
:>l'ciljiiy al Ihe ili eiefiic level. 

S. DEMM'EL and Strategic Analysis 
10. Key Findings 

Pari V, Ihe Conclusion, snumiai i/.s iheciminlmiiims^niii' book ;md provides sug- 
gestions Tor future research. 



II. BIRTH OF A CONCEPT: STRATEGIC 
CYBER SECURITY 



2. CYBER SECURITY: A SHORT HISTORY 



Industrial Revolution, fur cs.mipli- ill? sri-uin ..-unim- vu irked miracles rorotirmus 
dps. Standard! zaUon ;uid nuss | m k li n Mi m i Irani." n .ill;. Ini'.rrni the rasl of maiiu 
factured gauds by dec re.niiij; I !«■ imuiuiil of liumur cryv required lu malic ihem 

Wp ate now in the middle ol ihp Information Rcvuluiion-Thpcompuipris In effect : 
steam engine for our brains. Itdrainalli.ilK Nii ilil.il.-i I In- ,n quisition and validalior 
of knowledge. The priiiiiirv pn.ilnl liuiMm; il>. lirs: uuhjuiIits was simple - to ere 
ale a machine IhalcoLild prme^ i',ili'iil!tli<jiis I'. r.li r I i.ii ;, human 1:1 w kl by hand, h 
clue course, scientists "rreahle m an mnplMi iIi.h; ,h»I niiicti. much more. 



The Power of Computers 



rrtral Imegralor and Computer IF.NIAC). This collection of 18 000 vjcui 
is designed Hi rompiue IihIIMk traji-vlories ill 100000 -pulses' per si 
10 Braes faster than a human with a mechanical calculator. ENIAC sm 
Nilinrii r,ilciilnlLri;\.ii s|:, i lls ii|) id :dlj;.i.ULH) rim: :, Lisrer lhan a hum 




Slates, correctly predicted Hit- results of die Vjjl 1 'residential election based on a 
sample oCjust lit 

Bui ihelnfoniiaiiftiiRei'ijL'iii' n 1 miyjusi I "-l'.oi i. Theai rifihe personal com- 
puter (PC) Mt a much deeper (i 11 pad oil [lie Earlli. Tile invention uf the mlcrupnices 
liiu. random access slorn.uc. and h ili'. : i : - - ■ ■ I : 1 1 1 1 r .i " i ■■ : 1 1 ■■■ allowed anyone to own 
j "persona! iliaulliaalc' '.vl'h dciui.ii.^li.il'l. sen mill, iimj rzijineLiiili! capabilities. : 

Information TechiiokiB.V 111) nu« pervades our lives. In 1DG5. Cordun Muure cor 
reclly predicted thai Ihe number ni uans'slnis mi a cumpiiler chip Wiinld double 
every Iwu years ' 1 Tlieie has been siinil.ii [imivlli In .ilinrisl all aspects uf iil!u.rnla- 
tiun IcrhnQlujry (I'll icir kjrliri!-; die avaihlilllli n: priirlieal encryption, user Wend ly 
hacker tools, and Wch ennblrd open sounr mtellicenre (OSINT). 

The physical [Iinil'i r.l' il. ip .■ piniiii; a-v ,ippr :iini> Ti .-r Example. electronic 

circuitry may be reachlo;.; a-, na ma pb-siiril m,v ,ind die masdmum rate al 

Which Irllurraallori can mar Llinuijdi any ipnlei system may he limited by [lie 

nnllr speed nl ll R hl. 

Hnwevrr. the simultaneous rise nf evhersprer" solves this problem. In 2UIU their 
were nearly one billion computers connected directly lo lite Internet and over 1.5 
billion Internet users on Earth. 11 Today, a reliable connection to I lie Internet Is more 

llnpi'l I Mill Ih.n: I | "■.■.■■I ill ' c 11 s : I 31 1| il ill I . 1 1 n I pi I .A 1. 1 1 S 1 1 ll'l I llli 'I' 1 1|- . ll : 1 ■ 1 1 1 1 ■ I \ 



The Rise of Malicious Code 

TugelllC'l'. cuitlpulc-is mid ' iiinpiiln ncK'-iii ks I'll' [ individuals, urbanizations, and 

governments llieabllily in ;-in[uire and ec[ili>ll ln| ( Hum al unprecedented speed. 

In business, diplomacy ami i m li i :n y mijjlii. ilns n ansl.Hie.. I nlo a competitive advan- 
tage, suggesting lhal lirains e. ill h ii bnt'vu v. n li ir;i i-i'inci Irecjuency over time 
and that computer re so Lines '.vill p.juv i loiiii jI rule in luiiuc liumaii conflict. 

The original mean! up. of llic leim "hailier" v.as quile pnsilin.-. It meant a very clever 
user of technology, sperifk ally -iiineiiui' v.-lm n c. j( 6 i I it I hiinkvarF or software In or- 
der in si vi-li tills linnls es[i:-i rally In lake il ln-\nii,l '.vlieii- us nuenlrus had Iuli-nded 





it to go. Overtime, hoivt'.w. the unr.n.,:li.- 1:1 i. :| In Ims led to a decay ofthe 
™rd's <>ri«m;j| meaning. 

Regardless of a backed 1 1 minimis iIk-ic ate iliivu I'.isi. I'M ms uji ybci attack' tbat 
ii;i!Biri,ii - I-v -In u k I V-": ■] . In 1111 11. d. 



I'm- exampk . In 2>li::i ;i ( iiniidmri u w.in h lthn;> ciJle:l I'n.'rvri.-iriwj '.ivjffirr 

mr revealed the existence oi ■ChrjstXet.' a eta espionage network ol over I.UOO 

roiimmnnsi il iraiputtrs In I'X' t t)i:!=:i ii-s rh:il la I !?'!■: ii 1 1 □ f : L. >r 1 1 : 1 r ii . puiLlic ij I. nn 



SI billion in hiwiKii.liinnia.;!-. [ii3iiri7.Svviin.iii di-l.'HM' ivasreporledly di.sab 
byacyberanarkiiiiinifiiislu-rim'ilii-Isrm'liaii forcer I™ ml is lied an alleged raid 

reactor. JB And tin 1 Run i'i-i "vi nnn'iH ik a 11 iim iniieni crackdown on pol 

cal protestors-. coni| ilelrlv seven ii Us [iilcinel i Miner I lull nil he on I side world." 




would lie .straightforward ami ri'K pi i manly in [in souuel background checks and 
padlocks. BulthebcMienisohichvnikiniiaie Inn great to Ignore. Modem organ Iza- 
imns ri'[juln' hil'-i iis't i imtwrtlvlr}'. 

The trick is tofindlln n^il balance heme:-] Inn; hniialii'. pcrluimance. and sucu- 
rity. It is impossible to opiUmsc the eiruilibmiin Willi inspect lu all attacks. Before a 
mi lilary operation, if even solrtici knew every detail of I In' plan, morale and readi- 
ness might improve, hoi II would lie liu oilier f<« the t-neniy In become '.\illin<; as 
well. On the oilier mini when loo I.--.V soldier', nn'in III- know. I he odds of success 



As during WW II. the niui.-miil sefairiiv rnmmunitv r.oniiniicd to lead the way. By 
1957, the U.S. military had i on(isiir<-il an 1 DM Svsti-tn 'IfiO network with discrete 

levels of clearance. coni|Mi iim-iu. n.-.-il-to-l w. and mtnjm'il autliorily control. 

In I tie civilian Work I. tiowvve] svsleni adnilulMri.lois could I ml prevent users from 
reading the riala of anoi her uu riiiull i!!7<>. And e\m then I to' administrative goal 
was to prevent arrirleni il nam "aru|"i-.nn nai "i prole, r u'.er'. i'rom one anothr r ' 

As Internet cornice ;iviiv iavw. uialii i::ir. uv.i> .in:l i ..Mpiner hackers were able to 
conduct increasingly asyiumi-iiii ail.n ks. In ilieory. ; lacker can taiget all Inter- 
net-connected computers Manilla i icm-ly wuh an mtro-k lliat travels at near light, 
speed. The strength ol the- InliTiiel an accessible, o illaliorailve liamewnrk based 
n:i ...]!ii:i:e.]i ^jiiologii and protocol? unfhclunatel}. makes II vulnerable tu novel 
allacfs ami siisrcplible In swift anil massive damage. 




tllese programs did mil yei ;nieni|jl lo .leal or destroy data." 




an explosion of mahvarr in boib quantity arid qu.il.tv In ZD03. a DAR PA" -funded 
siudv" ciitcgnrijfd tin' fiiov.n Internet v.oim.v In ail.-ufei'r motivation: 

■ experimental curiosity (Moma/'lLoveVou). 

■ r:i:n e.\iM--r.t in r :n 1 : ir . li.rnl [~r- !. — ic I (M .1 i's. SI. 11 nn 

■ backdoor creitlliri lui rnmiri- ( (.inn J (Code Red II), 

■ II I. ML pi i\y. ' 1 an! : el.!'. . 1 I in.;; I j.;l i._i. 

• DoSKodeRed/Yaha), 

• Distributed DoS(S(ac!leMna[u). 

■ c riminal data collection, espionage (SirCam). 

• datadaniagelClicmobyl/Kle^.and 

■ political protest fialia). 

Clearly 1 , the goal of Ltiiuputer 1,11 king ;s limits I unl\ by 1:11 ■ attacker's Imagination. 
The DARPA study speculated Mi,, Inline minus r< mid I'm i hi ale human su rveilla nee. 
commercial advantage, ill. 1 nianajteiiieni o[ distributed malwaie. terrorist recon- 
naissance, aid even I hi- iii;:ni|iula1ii>iiot crilicii] infra si ilk lures in support (if cyber 
war objectives. 



clarhlg that security would bciK.-forlb be at the loiefiiiul of Window's development. 




- i:i iir.i. I ( liall.-r^- .is-.ni iaMl will; m ili waic |i.!d h I h'g)[oy 11 . 

• susceptibility or the communis iihIDT ■ lanjjuaBes to buffer overflows and 

■ Li-.-; -i l-.i I; i.ii :i -.- I ■■ :mi: .v-.:- 1 1. i ;:i;,;:.i::i .. l.ikI 

• the prevalence of -11111111 iciilm ri'" > nmpirting environments." 

The computer sec mil \ pniNejn spate is both Imsal iiiul deep, hi terras or quantity, 
in the single month of Mas Sums. ]<nspi>i-sky l.ali idcnillK il 42.520 unique samples 
of possible malware on Us clients computers. 

In terms or quality. I hi' cvh«i iH<>iis>< <■ niiiii is nun 'inly analyzing Ihe most 

sophisticated piece or iiuiliw yei fonntl .Simiiei." Ibis vaiim targeted national 
critical Infraslmctiiics. speciiLcally tin' St" ADA ' systems usrd id iiiariiLjj- ina|(n In 
ihistrial installations si u h a- piwci- i;inls urn! the Piiij'i i.iumable Logic Controllers 
(PLCs) used to control device- such as pumps and valves. 

Stuxnel's propagation stiiiri-jjy is a n-undcr in lii'lmlil. Ii exploits at least four zero- 
day 5 ' vulnerabilities antl employs two stolen tllglfal certificates." II targets "alr- 
j;a| )[:■(■( I" ni'l-.ioiks li i ri-jtniviihlc USB ill Ives ami is suiarl eiiimp.h l<> .ir u-ni| .1 its 
exploi is only when connected lo a SCADA em iniim finally, in 2010. most of the 




inlet ted niacin ik'S ''.civ j (\![a]]iid ; iiiinli ' inn i'-'Mii LCHL-lli^L-iiLi.- j^i-m k-i- 

■.li'i.'iKl ilk" world Iran, &r 

\ ■.nail-;;.; 'hulk- !■.!;•■ i -. I'LL del .■!]'.■..■ i h t die Internci cv.ihcs ^r. qukklv il i: : 
impossible [ot any orR.ini ".irinii in maw r all i >r hi.' I.iii'M drvelnpmenls. Over lime, 
attackers have subverlcd -in ."/it hiaf-.-isin ; - nnmbi-i .il op.'ratinf; systems, applica- 
tions, iind cum mimical kin li pro: oa> , .i,. Ui kiidiii^ '.inipli ham Ion much technical 
r«round lo cover, which I 1 . in a liaiki r'.'. ,idY,]ri::i;y .iriil plan'' n premium on di?lbn 

M" . Ii'lll'il'- J..' id iilK.ll^Lli::-.'. a I. 'I : 1 II K il ' .' . ■ 'I ,l'.l H 'll'.illi.'J ill k Ui I.''. 1IUIL a lid 



Lout Hacker to Cyber Army 

from the 20"' century is the spectacular effort by the Allies to convince the Ger- 
man military leadership ih.il the [) Day invasion would lake place al Pas de Calais 
insli ,-il .il Normandy. 5 " 

The Irrsl mention nl .1 l.u di: innlni: "iiil'irnuiiun war" In c\ bcrspacc is al inhaled 
to Thomas Rona. I he nnihor i.f a r.il'i. Ik.i inc. ■: 1.1 [inraik.n iesearrh paper enlidrd 
Weapon Sy stems and Information War.' " Harm perceived that computer networks 
Here balh anassel and ,1 h,il!ill[> lor am iire,uii/aliun. Once n mission canic lo rclv 
un the pioper hiiiLli'inkiL' ill I I kn Mi'." r-'-. "ini|iiiln V. litem:, '"mid lie anions the 
hist targets in 'var l;an.i ;n lai'd ":i n ;. I :i !■ .1 m n ..n II. i.'.-. "ithin any command 
and control system arc ' ulnciai.u.- I ■ :enuiii::c.. :■■ 1.1 1 oau.^. ui" s pooling by an ad- 



In 1393, a widely ciled U5. Naval !>nst B .-,idii.ne Srh.»l (NI'M arlicte examined Ihe 
historical aspects of , Vvl.-rv...ir. Il ' antli'irs .-iiitm il 1I1.11 ihc- liilnrnijili'i! Kev.ilu 

offered the world ^ucl 1 i;n reaped ni';aui.'::i:<.in.]l elli'.icn-.A 111 id unproved decision 
making that traditional hi rairhk^ and |i ihlical v.Mcn^ ■.vould be forced 10 evolve 

For militaries. ITenliuueed .itualiunal uwaicncss was compared to the 13" cen- 
[urv Mongol ai im s a 1 .', 'il "ai 1 tiden" 1111 h.u '.char i. 11 :■ l'".-p oatiurial leadership 
iiifarnicd of distant h.tril.hi.l- 1 d- ■'.I .-iii 1 ' "ith a 1 .!- meaiine speed and to the ad- 
vantage a rhess player wr.u Id Ivue e.wi .1 blind laded opp.incnl. Cyberwar cottld be 



cc of conventional Corel 



iictnrr- in order l[> ruplure L In: 
'vli;,ii;V' .ini'i.':.'!::-. sfivins 
■sjial is ii iieLii lipli'. sk iildaui 



In UOU L . lames ,\J jiiis I'.viji il 1:1 | :.e/ . . :.- ■."=;■■ . '.l/aiM dial Tin' LlepJil 
iiil'm: 1.1 Di li iiSL ii.id in iljli :j_t e'. Ik-i dk i'iirs li' L | :l\iI -' ui Id [i-sl ill a ilava 
tied JUL ~ licrl lenm eMcieise :"den.iiin:d -Lli^hl,-- Iv.-reiveiV I [rim live 1J i. Nauonal 
Sreiiriiy Ajvnry IK'SA) personnel. Simula line. \raih Knrrnn harpers, used a variety 
of cyber and information ivailaie I1W) took and r.irtics. ine.ludiiifi (lie transmission 
of f_bricaled mililarv ordersand news rcjxirls. lo nllar.k [he U.S. Navy's Pacific Com- 
niand I mm nbeispjLe. I lie lied team ea.s vj siKLissf-jl I lull [he Xavvs "Iilichljiii 
eoiiriaind ;i:ni eonliol s\sleni' v.as puruK.-ed liv imsirnsl. and ■ |iohod\ ... [ruin [lie 
presidem on dov.n. :cu!d believe anvrhinp," : 



..iim|;iiin ^-.vius.ivlv nn^liTlr)fH> [_ I 



h'lirsM- JJ'jmlln il'.Ti i ihi.u Jiid'cil ih.i: ' klivism' li.ai bcsaiu I> mllm/rice ])»[Mi 
c.,.1 ilisi-duvsi-. but Ihiil lllrr.' ll.nl urn hi'L-ii ,1 single VTi lfi.ihl,' rase (if cyimr 

Icirul iMii. ill id licliiM 'l 1li.il ni' i '. I it iill.i: k h.h I , .iiim iI .l liulitun caMiulty. '■ 

Furl [if in mm. James Lewis of (lie Ci 



ICSIS) opined tlml cyiier altar ks were easy Id liy|ie herause cylier security Is 
xi-experlMo uiiili'i -iaiiil. He argued ili-n ' 




for national policv v-w, die Kv.^.uiu:: llu;l .1 :m: ■ il yieisisieni '■.jiiiputct 
vulnerabilities and Vs'.u I'i.'iM:.- "iMi'. Ii.:d i'lji'.i: ial l ijlic j( infi j^tiiji^- 
tura Protection (PKII 1 I" n ■ I > roundalions: Protecting America's 

Infrastructures, identified eight sectors of the US. economy that held strategic se- 
lla liking iiinl Miiiuo'. ciiicrij'in v services, and si:>\vmiiii;iil continuity. 

PCC1P recognized not onlv (Ik- riiitii m'-i ilcpi.-iick-ticc- on itsaitical infrastructure (CI), 
hut dsn the dependence nf mndem CI nn IT syslems. Purlher, it cited ■pervasive' 
vulnerabilities that were open to attack by a wide spectrum' of potential threats 



On December 4. 1908. Russia spnnvned Uniied K.iliims (UN) General Assembly 
Resolution 53/70. "Developments in Ihc [k-ld 'if information and telecommunica- 
tions In the context of International security." It stated that science and lechnology 

and communication ik IumIdjjv I1CT) ulleis 1 ivili/.itiun tin- "broadest positive op- 
portunities." ICT was noiu.'l holes s vulneiable in misuse by criminals and terrorists. 

future. The UN adopted Resolution 53/70 on januaiy 4. 1999, tr ' 

The most successful international cybei security agreementlo date - the Council of 
Euiope Convention on Cyben rii lie opened lor sijjnaiuiv in 2nm. This treaty takes 



Om!p|CI»D|.\-l.m.:r :i MgnlM ....ii.MI -:>,.iML a ili«™IA.,s™m 1 il 
denim IEfC« ami [Si.ll h.ir.r la.k hi.i. — ( ™i|i m r KH-.i. .r k r wr-Hir* UIF-CND) 



si : in i:\ ]j'jIk ■-. I[ oik l' aMil -linc:. n> iniiiniininl evading data inniieplion 
and die si iLii 1 1 (.1 (unipaliriii Iv.uiks. [I:- iLlimaa l;. il i «i . 01:11:1.111 pain;, uuryjici 
crime ivnildv.-iilc vi:i rnlinnal It-p.isladan and inleriialiuiial itmpeialion. Cmit-nlly 



egy I iii' i' t<i!u.-ii plan- '.'.ill,!,, the U.S. military. A mining ( .i.Imi i.ui.ned in ZIIW. 

U.S. Deputy Serreiary .if Defense William J. Lynn wrote In Foreign Affairs that ad 

vcrsnries mnvlwvi' I hi- |i::v.vi I. j .[iM npl .run a I l".S itilin malum inlrasli nrlnri- , I 

1 luii ih.' iimii.'Ii'li n;mm- 1.! ha. khi£ means ihai .1 '.Liasi" < < mi jjhh v pii.;p;-nn 
mers can pose a nalional se: uihv lineal. Over die !<>iij> Itrm. I.ynn believed thai 

'■ pnl.T lliliklllgiail lend 1: 1 I] 11' li:ss (if en.il|e|l imellei Ilia I |ll ( i|lnty 11. di-pfjlT ' 

nation ot Its economic vitality. 

The must tangible U.S. response, has be.cn the creation of Its military Cyber Com- 
mand in 20111. USCYHERCOM has Ihreo primary missions: ronipiilc-r network de- 
fense. Ihe enordi inn cf rai.il [ ■.her Ain l.ire rcsinnies. ami tyher srrnrill 

lin:s.in ■.■.ill: dr mesli'- ;.nil lorci:;i: pnrlnrrs. II:: hist missmii d::i use. relies on a 
eamb::wi'"'l"; 1 I r,.-,d nona I l-r -.r pi.n lire.; hi renipnlr-: srinnilv and .dnsall: rl inlel 
keri" lineal h:lo: n:n[ion. riva:.: 1 a iini.:i:c. a; ii'.e' L'.j. : ■ la i ;k-:en:.e posdire.' 

II 11 que:,! fur slrale[>ic (ikei ;k:knsc look lis mast reeeul step kir.lan.1 in Lisbon. 
I'arlm;al. in No\( inlicr 21)10. ■■■.lien' lv.enl'. -l i.L.1 ,1 :::iaona. k-adcrs [11:111 d»: uorld's 
fcneniosi p.illtiailand militarv alliance published a n.-.v -inaicfiii < oncepi" fur the 



threaten "national and Euro Atlantic prosperity, security and stability 



all NATO bodic:. undii (Lull aiiii'.-d l : L-L ] |iiuln li'.in. Lip'.;r,iJiil!; member state cvki 
d^leir.e c npobi In ]•■■-. :-\y.\ hn.*' Mil, i h -M- 1 1 . "I rijiii'ii.il ;iiir[ i-i|i;jiii<\iIioii."lI rv 

In fact. NATO may be iliu- bcsi place 10 Lv.cln jiiiiitniifi i lit national security dial 
IcnKC poser] by cyber attacks. I In: Itiiltml-i i, iiuv. an iMemabonal asset. As such, 
threats to it require an inn.-i ii.iik.iij! ic-j'.ui-'.. As .1 Iji .a'- 1 tiimip ol atlluent naliotis 
i'llh n shared pnllr;..il .inri miliT.UY .-.p; arb il .', pi v.ihlr I hoi N At 1.1 lnd.iv irould 
d.-'.il n siji.nilicaut lilmv I.: unr nl n lr.11 Iit':, .id* .]]im:>,i's anonymity.-'- 

More Questions than Answers 

Although the lirst modem 1. u 1 1 jpu j wji dcsieniJ jt 1. ambriJgC' In 1B37. In many 
ways Che Information [(evolution hosjusl bf;uii Its: '.Vorld Wide Web, for example, 
isjusi twenty years old. 5 " 

ASDiirust' olatld dcpculru v- on I In (nleiiii'l hiiU j.ur.'.n however, computer seen 

rity lias quickly evolved I a |m:i I. icih I di-eiplnte ti' ;:i peDfinlibcal strategic 

rnnrepl. At the 2010 NATO Summit In Lisbon, twenty nlphl wnrlri leaders dec Irani 
that cyber attacks ram threaten inlenialiunal pmspcritv smmiy, and stability. 

Morccnier. in the future I he consequences of a cyber attack may rise because Ibe 
threat will affect natn.uul ■ iiii> nl i-.isci i:- tmh_-v id •■■.it,- kind. In our [komes. the 

use of 'smart grid" netwi il k - is jit, i!d,.| .vine. And 1 ■ nikirones. the production ol 

IP enahled munlllnns. such as unmanned alrrrafi. IsnulrHcIng lltalof Ihelr manner! 



As national security tltuikei - .n r i iiipi 10 dilciir: iln:i] luk'iesis In cyberspace, a key 

I; 1 -11. . . ill I. Id lii;,li;,' illr J,:ip l.eie.- en : '.I'i -I I ;-.lri.'.\ . 1 1 :i I i\ l:el lii' II-:- : .ii.iK 

such as the searriiy of miunul 1 ninal indaMiintiiirs urn I strategies like mllllary 
deterrence and arms mill 1 ul demand ,: p.ir,tk-r iippi ei inliun fur tile capabilities and 
cliallenges of computer si Hum. v. ln Mel 11 ilu'ii li.tltles un I lie finnl lines ot cryp- 
tography. Intrusion tlelei tlmi iv\ei-e ■■iiyneeiinj; ami . ii (n ■! highly lechnlcal ills- 




3. CYBER SECURITY: A TECHNICAL PRIMER 



Chapter 2 dcmonsiralrd ihat nbrr sc-urit\ lias evolved tmiii :i purely technical dis 
ciplincj to li strategic. i;i" ipi , 1 1 1 i ■ : . 1 1 'Mii.Yp; Mill lliii un: 1 1' iiii|ijli iiLUluuul security. 
.Nonetheless, at [he [aoii'.jl Il".'.'I I.'u avlii:!' i."m i li ln.^li:'. technical discipline 

ener or information technology. 

Therefore, before i his rcscrsn !l i->.-i niint", [lie real uniid impart nl cyber ai lacks and 
explores strategic [iii i'Lii u nli^ai itai sii lIIc^.h :.. L haptei Li .-, ill introduce the reader to 
the basics of cyber security analvsis. msr-m scale tacking, die case study of Saudi 
Arabia, and cyber drlen:.r rv.-ri^i-'.. 1 1. 1:1. i ili\ it iipprrnaiion lot ihe chal 
lenses (if computer scienr" -,.[11 Iv-lp pi.li ■. liiiikei 1 , I., briiliy I he ;L^Lip hclttccii luctl 
cul Llntl -IL iik'^ii. I ". i h.". iil hs thinking. 

Cyber Security Analysis 

analyse hisorni personal rtrewall log/" 

Almost everyone ludav Icr- a pn smiil i i In..:' hie .'. nil it'-ralled on his or her com- 
puter. It protects both iIm- ■ 'imptitr i ml it. lea'i tnnti unwanted network actlv 

ity. "Coir- hid 1 1 c" ch J I s - speaking it i il oi i h "-| ■ t. tim miiri^ tliiiti "packets." Professional 

computer security analwi I'l.iniiiii' the hjj files or rcrnrdod event*, of firewalls 
arid other rumpuIln)i.di-N Irvs Itir sinus til suspicious activity 

ems' rump r- fur pnlir v violations sm h as Imstiniiaii iliiaulhurl/ed VA'h sitvit. 

Businesses go lo esiraiiiliu.irv and •.nmriinv. uiieihiral leiiyth, Ingalherln-deplh 
information about computers and lli-u useis. sm lias v.lm h ( i petal lug system I hey 
us- ami nhai iv] i.' iil'uiiAiHs il ii-i I hi. In u:k(-:ii.i[i)i purpose!, 

I'll iv,, ill lnjisi .in !»■ vi. in man) li 11,1, nl v..i\. 'i ..-i mil) hi h I;, st i ..us, ill tin- In 
by country, fur tsvamplr. in iileniil\ hi, n-kul italTii- In world y c. igrii}ihy. T,J 




computer network security Is hlfih. An .nn.il'. ;;i mv.'.i 1 1 rid-r-ntniid hardware and soft 
HRrp.aswellaslnlemi'i |.>r< ii. n i iK. si.imc.irds ;ir«l sitvii i's .Senility ts an art as well 

.is a science I hat Involves iinnn si .m... iinynil n-'sc.irch risk management, and 

n willingness tu pick ilu- plum.- rim I ■.[icnk iillh iiiikmum ss-steiti ad ml ri Humors. 

In fax the problem ofaitribulkin Is ihe most tnmpllraiinB tector In cyber threat 
analysis. If Iheallackrr iscaieli'ss mill Uivcs.iL liirii-- ilij'.il.il limlriririt (e.g. his home 
IP address), law cnloMiriii'nl ui.iv be aiik lu lakeqim k at linn. [I I he cyber allacker 
issmarlandcovcrshisriiLi.il.il lriirln l]i"nrirrnitna-. evidence collodion, and pros 
cculion become major challenges. 

Inalmusl all cases c ui ii fn il f I ■ Inc. Ilk, alum' (In mil sutnLL-. Unmasking a cyber at 

liiiki-i- ir-i| -s I hi- fnsum i if , vlii-c and nun e > I t riala |Kinil.v Ens est ii>,il<n s must 

enler Mr real work! If they warn iiiarresi .1 mmpiiier hai ki-r. Tliere will always he 
ctiies. IT the final Is esturiiriri. ivheu- is ihe money I" be paid, and is there- a point 
of-contact? II the threat is denial of Service, the iarfic-1 could ask for a proof of cg 

ill I' ■ 1 ;, II I"- 1 ■! ■! :■■! 1 I, ■ ■ : 11 -i, ■ .... I,- ■ ■ , " .-.|,,|ill 1' mil .';;..lllsr 

misted sources Is always one (if Ihe hpsl defenses. 

Ill 1 1 lis' ];:i|lli-l.lll--,illlllMi has I111-1] In in.iki'i kMI-lhii I an lllllji III I ■]! I| n ltd ll,n kt-L is 

notasmiplediimv Cyber aitai-knis arc 

anonymous in their vlnlms. SU1L ibis rides nni mean that cyber attacks can easily 
rise tothelevelofa.slinlc'iii linear tun inkles mcin liiil. v.iicn [hey do, national se 
curily leaders can be in [he imkivanl jiii'.iliuri ill r,;:t knii'.vme.who is attacking I hem. 



This is iba tociiL' of ihe nan chapter. 



Macro-Scale Hacking 




found in 111!' loim ol (.■<]iii]>u1c.Tikil;j. !i mil !i[:coiinii;in. ]i: 2(j(Ki. I/rulvrs m-Vis sit 

VICT. [Ilkll It! j>l]l>l]silill!> il |jli:il!fil:Llk, lll il 1 ill- sk'. I '-, rl Ik illH l() Miilkljilll Isiilljli ilil 

liiiil ,i|i|:r;ir iniju- ilninuik. in ':MV'S. •i;:-:i.i\:,T~ |inl:k'.lh-il ;i liholo of an Iranian 
missile ti'sl in v.liidi an I'Mrii missilr Ink! hrrn ,nk:.-ii: 1 ■ mill in 2010. Al Mimm 

HL".vs|M|.iL-l in Ciilo | u il : | |il Kiln ,ifM il 1 ml >.v. LK lu ll tin' ]iU i". i if IV.-ii Irtils 

Obainaaml Mubarak ill tlio Wliiic 1 lorn,,-.- : Wiliiuui simr kind of icrhnical means 

■ iT V I -I i Tli --.1 I ' .ir- l»- ililll: i:ll lull fi il .■. I i ■ ^ ■ 1 1; I | i| I :l . I 'I ■ : I .1 - "i . I. : I. li.ll 

tln'ii own wuik hus nut been modified. 



1950, Alan Tilling v.-ioU' Ibal -.'l.-n I In- il'.illcM' h'.iiii.in niulil i:iM|ii'[ki] in ;i nun 
pi Hit eii ;i {-(lrnvrsiil ion ■.'.■nil another human and 1ii.il n ma.iiin,' cnnkl run [irmido 
.1 "nt'.illillJiinl aicwr' In n t in K v.-iflf vnrietv ill questions. I hi' ei-Hirat.'d leiit^ 



The i.niTii^c i'.uii|iiii'-i- |i-i!^v.ini:iiiT- ■ o-.dd r p.iss Hie lurm^ Test bi.ii ho or ■. 
Could ■iViilf il |llo£i.iil. I: i lioil.il:- 1 1'- -.M'lli I '.- :i i T-.villei' ::n in A', .i IV.HI. Ink-ill kk - L-b o> 
is spoiidill}; hut day. ui '.\ h.H lhinks .ilium a |joliliuil li-adiT. 



is ihev i|uirkly l>«oin.' .i ])i-olili( inodiii.-i ijilijjii.il infin i iwii 
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It v. This benefits .1 ;vbi'rn1l.iik:|- -.•T. 1 < Mil | j 1 j -. 1 1 iirli.rni 11 un to the Web I hoi would 
nol Lnuhjinl lu serious 1 toss-exam I nation. 



Due lo the speed iT modem runmiiinii-.iiitnis. humans (3c j mil hare much lime It) 
analyze what lliey read un ill- vwli Mas a rivssa.;. rsrsierl by a hLimati or a Fila- 
r-hilled ll Mill I"- hunt 10 krimv when even ]il ; j!]h 1rlkun.11 :t l.uisui.i<;e ciin be slnlen 
and repackaged by a barker. Anil Xaluin] Lmj>uuj;e Pi m essing, or the computer 
analysis of human lanmi.i-i s. is siill ii 1 1| 11 o\i 11 iivhnoliijiv dim requires significant 
human oversight to be effective. 11 ' 

attained - thai IS. if real |>.'i>ple hei..iii Hi follow I he robins the attacker craild then 
begin to scute back the Aiolii ial 1 1 1 1 1 ■ 1 1 i y 1 ■ 1 k c (A I: .mil n-pinyraiii I lie biitnet Ibrils 
next assignment. 

It may not malter if the bninri 1 nuipaljni 1 1:11 1: 1 r;. iiinallv hi' discovered and dis- 
credited. In time-sensime contexts such as an elecliun it niir>ht be loo late. Tlie at 
tacker may desire tn s;v; iv pu'Ji;- opinion on>. rrir-.ish.K-i piiinrf nl time. In the week 
bclij re an election, wltat rl both Ictt and nshi innj blons wore screed with lalsc our 
credit;!;- informal Inn ubcicit oncul the candidate 5.' h could tip the- balance in a close 
race 10 determine Hie winner. Consider Uk enormous impact of the H004 Madrid 



Klrnihr-s -voriiil bri;];-ir„iiiri-iri-- -'. ir|: rhc 'X:\\ I h;< is rlv fr'J rliflr i:It str- ji imr t.-.l 
from impossible to implement. UVtr tin ic. each new idcnlitv would assume a virtual 

-lifc'ofils own. 

Hhishingal lacks are surcossr'nl even I liuudi I iiev ltoiimllv employ only one layer ot 

d.-irii ihc website iiseil lui'.'llijieru .ilia, kins; aimi'.iv:^:i re Intricate web 

ofd«epllonlhanlhahaiieiilireiirKaiii/aiiiHiiiailri.!iiii.ssriilkheraketlirihetmie 



power or Web -enabled "put Seine- hiiellijierur I.0S1NT). The average Web user to- 
day lias access t» a staggering amount i >i"]iirij[Tiiiilii>ri.ni-siiiniiig with only a name. 
ygoodOSINTreseaii.tiei nan tjnirkly nlil.tln tliite-nf-hii-ih. address, education. medi- 
cal records, and much inure. Yin stirm] ihh mkiii;; sites, lie- altaiiker may even dis- 
cover hiliiisati- ili-lails ill'. i |h-i sun's hit lu:li[i;> where in- lit she mii;bl plusii ,ilh 
be at any given moment. Lu-niiinllv. ;i web of ((iiineiiieus to other people, places, 
ntiil things ran he constructed. 

Computer hackers arc not only able to conduct OS] NT via the Web. but a bo exploit 
The technical vulEti'iehiliii-- . "I 'hi- Vu h in 1.11 '_-.i tin ;i ■ i: : ins. I Linkers 'cnumcralc." 
or conduct in-depl li twlncta! rrcunuiiissiiii i-.ijj.iisi I isl ( -. bcr tiiijjers. for information 
such as an IPadditss ,s tinicstamp. ur otltei -metadata- lliitt can be exploited in the 



Given the size of cyberspace and tin- spi il iii vdiirh data packets travel, one or the 




rses i]ijir sl' i-.. ve.il ■:: vri j;i-ii:\ -i us.n run Id suejirsi 

■ j !..]■: 'iii:.:' i : ' i line :u t-.-ii u..-.: u.c. inn mail'' uif.s an 
lii ul im.lli' S. "I sli.lil^i.- -..ilii l lis Sltlll ,is run lllilll' nit - 

rttngknn 



Technical data should not t (uiflicl with a security analyst's common sense. IP ad- 
dresses must be scalteied lealisiii alb within I he inliuj; spare. Internet browsers 

should manage website visils .is a hi in v.nulil pausm;; fur images lo load and 

allowing time for a user In read impurliinl inf'nrnialion. Automated computer pro- 
grams may move too qiiirklv and n » "hiini' allv iram nni- tiata request to the next. 
A secniits analyst shuiiid lii-.i '.ujj.istc iiiiuiiiislics [ur nllu-i c;:u human pnipcTtics. 



I Ik |ji i [ii.ii ■■■ di.ilki^i- [■: .1 Mali ,1k il i ■. Ii ■: lL'Ti.il-.i- : 1[ i: :■. a ijl.it I i-ji I I l I _ ■- 

rliararlerlsllcs 'hal art; li.ist'tl i>'i n-i-i I mm- slysis uf iiini'iii rn-A -i iiml .Tir.'i r.iin 

[ompleiely sure wliai a setairin arahM is l:«ikiiij; ii jr. An allack always requhes 



i .1111] nirji isn. A -i. iiiitv ninlv.:T c.i 



ir ri'ii] InHTiu'1 Irartk patterns, 3 Iichtim 

'11 lli' ii- .11:' soil'- |inirlv i.'. hni.-.'l in"-.- ri. ■!.!■. "i; I" 1 inn.il-. in.liininj; 1:1. 

inr ri'.isi'il usi; of I'libhc K. -. Inl'r.islniriiin (I'M) I>niiii,:Iiks ntw Inli'riii'l I'mloi nl 
'.■i;:sloii Ii (II A-';i. Ni'iirji iiclv.oiks. (or L'..inn i >lf. li.i'..- |)lir.i'd a toiisitiiiriililc nib in 
i.:lli;i.lll.y I I. .1:1 ; .Hi Ml. in: I. I'm illi]'i'i rnn" I ;i:;.il :!■-■.•- :i.nls.ii lii.ns I f.i- sill ipli ■ nv ■ if 

a live video feed Is beneficial. 

Un [drill (lately, the use til I \ lii'r <lt>f,-nst' li.rlirs and iHhr mingles Is rare. MosL 



To a large extern, tho iim-r. :l:in^ i":i^ duva: nil- a- .iiv those with the ability to 
bi';rl£o the £ap h-r r.'.rvn r:.. vim il ;ii".i: f lv-. -.i":"' '.vril.s I hi:', dicrr arc t'.vo i mpor 
tarit ralr^r.iirs nl nlii'v all.i.ki'r: I hi.'.i- v. h.i h.r.f n;ai:ii' Inin tlio rral world, and 
lli'isi- V.Ili,:.; tluiuts .n.' .::!i!|. :: :n ■ \ I i i >]'.!■ :■. II n- rn ,:;li.. Iinni .1 :.L:.il.-;.;i' . n.ir; I 



LD'J Hsnlarai. _«E. 




SL'iijiiiv pLTSpciliVL' is r J j . l" luH'i^i; iiii'.llm-.n. 'l i '. ms .11 1' I mdujik-s uussl'ss llui 
kind ul' n. 1 Jul i. \vl liull dli'.'ii jiiiil 1 . i i.i^'- ,i i vb'T allad, Hindi imoip strious. 

All things curtsidcrvd i\Lr-i .iiuiks Iwv IIh- pok'nual In list lu Ihu level uf a slra 



Case Study: Saudi Arabia 

Every cuuniiv Ins a unique pers|iei'tlve mi seuinly. es|ierlally nmuiilry as uadl 

Inili IjiiuihI as Saudi Amll!*. Hill at like lei I al level. Ill' i]iifM I'm slialeuii ivliel 

serially iliijsllj i.nnprlses llieevai I saiaeele Is tiiinpiileT liatdware. suflu;are. 

Iej;al Iniliy svMeiiiailiiiimslialtiis.aiid i vlir'i senirilj i'\pi-its Tlu-u-Nir,'. Saiuli 

Arabia v.'ilere I here is a slni]i}> pen e|iii,jn nfailise r r-rlinn lielrteen nimpnler 

seiLii'iiy and iinlliiual sn mil v. |ui iVhir-s an iusliui live example 

Tin- Saudi unveil tii i-cusnri .i v.idr riiiiif ur iiiliirnuiliiri lias,. 1 1 in a mis nr mil 

rallty, security, and politics. II has bulll n iiiuli.nal liuvall il.'sijniril m keep -|nap 
|ii<i|ii l-iii.'' 'Ah.h i iinih'iii 1 1 1 1 1 ul Hi" ..ii nil i y 1 1 1. ii 1 1 I" hi 'in am '.vli..n' v.iihln ils 



lad li'.-|ir-|:li..^i.:'s exisl 1 1 in i run irrunr.viiL in iiv.'ii pan' Ii .1 lin:.. slrni'-hl lliroii.ijh 
Saudi n-ndon.il hrfv.-.ill. I li' in.-iiiil.' n imimiviiI :i !.'|-.l:nne r.ills In lorriijn 
met Service Providers ([SIM. h.i.:kins Initmn proiocols pseudonymous email 

is puny snrv-L'rs. ci« r\ | null, su-aniiprapln.. iind mure. Ai icnsnrship circum 
.lonloab. all have ilnm;llisund u.'.iknt'ssi's. jud r n ji .l ■ . j I lliemis perfect. 



Seivice Providers must i i:::l'jnii to iIksc rulrs In :i> obtain an operating li 

Suit] lai vs are easiet [<i etilrii'.c in m:ii ie c.iiinli ie 1 . IL.m nt Ik 1 : ^. In Saudi Aiabia. [he 
effort is greatly Facilitated bv the l.nn dvu rhe nviiic lelcr t.mniunications network. 

i 111 In. ling - 1 IT i. ■ I ; VII I g .L:v . mind . ir .ll . ipi Till: hv "Iv guv. ■ 1 : 1 1 1 1 . 'ill .' 

Saudi Aiabia Is home i' ■ some in ih. 1 ir.i "i ivli.ran.l iiiizens in the \rnb '.vol Id. ]"tii" 
thcrmoro. SaiidLs routinely t cuiinin iiicuii t? v.Tibenrh uih. rand with the outside world 

.in ,i mi. Inn .nii.l Mipfvll Mi .[ n I: ■..■i:iv I;. ill.. r. 1 . 1 1 -i :"i -z i t I- 1 1 1 - 1 1 j l-i. -. I'll.' Km.e.iom 

hasbeencormectuiitoihc Internet since VM 1 Inn mini I Uity access was restricted 
to5late,aeHdemie. ineiiiisil. iin.l n scan h iari lilies. ■ 'hxiiiy. home accounts are wide- 
spread, and ttioie are Inn idled:, ol <vU.i .air:, io the i uunlrv. Men mid women .lie 
both active Web surfers, mid their average daily time online is ever three- hours."' 

The amount of data processed by KACST every day Is so great that the national 
firewall took two years to build. Due to the sensitive nature of its mission, the entire 
project is housed under one riwf. Trrhnitians are imported from places like the 
USA and Scandinavia. 1 - hut the censor:; handing out dim lives regarding what Web 

KACST Is analogous I l.ilionnl [.list ;>lli,.' Ihreiieh which all domestic anil 111 

ternational correspondence must travel. There are noiv dozens of private ISPs in 
Saudi Arabia." 0 However, KACST is die country's only olTicially sanctioned link to 
the Internet, and all [Si's must mule lh.-ir (rallir Ihrongh ils j:n1eway. m Electronir 




ever. KACS1 technicians ibsi c h,v. tnuis hot rirrnnicJish these goals without 
strictly reRiilalins Ihc behavior a! irsib.-diul users. Iliiclnic, they forbade the 
sending or receiving ot linn |it<:d i nluc i i;.nn.n as vrell as tIio sharing of usernamos 
arid passwords.'" 

Saudi Arabia's first lint ui defuse nu limJ banned UHLs that ate explicitly denied 
"lien requested bv a irrr Irr.ir, .1 hio-.vsr i v.-md.-i'.v M.iiiv e..-bsl'CS coinmonl-.' ac 
oessed mil side- Srnidi Arabia arc forbidden. 

I'm l!,o;a> vrebsiles II1.1I .i:e albv.rd rb.' ill r Web nv::r;i rmcss ' ;:.id !■: (! 

copies oE Internet sues un ;■■>', run 1,1 II ■ ■nil mi;.l v.eb sii'ers physically located in 
the country. 



leasr I bin \ rarriymes ol |-.-nh: luted 111 :01m. ,1 1011 mid I lie number ot banned sites 
goes well into the hundreds of thousands. 11 " 

When access to a site Is denied, cither because its L"BL is already on Die banned 

pears on the screen, it iiilern:'. rh,- mi 1:1 h..i:i \i;,l,i I [ iiglLsh. "Access to the 

requested URL Is ran allmvcd!" -■ li also Informs i he user thai all Web requests arc 
logged." 3 The second naming is inijK.uaiil b« iuisc law enforcement can. with an 

IP address, find the ramp r l.'iminal 111 oiicmhiii and pussiblv also locate the end 

ii., r 1 1 Ns is '.1 In in in; 1 ii\ k s lii a .ii.iil.ihii Inks n>i 1,-nnnials Hue .■ 1 1 !i .si 

for easy, anonymous web surfing, are scarce. 111 

Tin- li'.oslai)- sislcm drsi ribrd above i. I lie <iih> adv.i Used by I lie Saudi i;i;\i-iii- 
ilient. Howeuer. there are more Milling appruathes [o consulship, such a; Hie use 
ol a VI111H1M" <:! '.'.In, h I ho Siiuib envoi ern ha-. b,'->i: .!■ ■ used I'lacklisls liiin 



approved ny Hie jjuvi'miiiuii. Sdnii- ic[iiiriirii; ltiM|iioli.'d "industry insiders" as stat- 
ing that an internal K.-MJS I ronirniiln: oflkiallv sanctions a list of "drsirahlc" sites, 
and all uiliers liavp lii-t'n hanni-d In ili-lanli. 1 



nl i-rtlt'ar jm*s liki' | mr 1 1. .yi H|ih> ami ■;ainl:lini( 





asURL.IP.domain.uscr.coiiic.it. tile extension, and POST. Tlterc are many more 
.nivalin d Icalnics to ciiDDse from. 1 *' 

I'livaivmlvoi I'liri.v !if -[iM'.v.iiv ( Diii|>,iniis I In:! n 'ale sin IiIddIs I ml inilus 



mem for Islamic Reform In Arabia [I .:. (www.lslall.orp) MIRA'S IP address was 

un KACSTs list of luuinul -Mi 1 -, vdiii h was ;i]>]i in in 1.1 IRA's rompiiU'r log Tiles. 

MIRA decided to change n- IP.nlilicss :inii n nin.-i ri.sn-K 1 1 1. - she was available again 
Inside Saudi Arabia. (MIRA did not know why the second stage of KACSTs system 
was notable to block the website hasi.,-1 mi i ijiihtii I I'.ienti tally. Hie new IP address 
was discovered by KAtiS'l r i ■ 1 1: n: i^i-.^ aLd hi;' I' il n n.ijam Tills process repeated 
■ BcIC many times uvrnnn aivmj;c M IK A was iililc id Slav ahead of the gnvemmc.nl 

fDi aliDLH a .uvkat .: lime Irs rliallr-iij-r- was id mi". I:c I rcsn il S:lik:i ill i /ens anan 

of lis tii'v. 1 n'lilri'ss beion I he hlin I: w:n. In place again. 111 

MIRA s not satishid with tins ii-in-li ,..i ■ I 'A-ii hi: - T.ide ar.~ sock, so its webmas 
lers dev eloped be tter sulul:u:ls. Ii:st. t:.e -.lie randomized its L'Crc numbers, adding 
more than 60.000 possible Wcl: addic-scs !ci|ia.il id die lumber of available ports 
onacomputorttoeaclinewll'address.'lliisL-haiiiieinadeit more difficult for KACST 




Next. MIRA developed a novel wav to let Its lol lowers l:now the new address. Its 
.■ni.nl server. islaMislakorg wiukl le.spmnl Id ,i blank email with an automatic 
leplv. 1 1. man ill in the II 1 .mil |:n: I 1 1 l 1 1 - : L -■ ■ i . I i.un Saudi .'.l.ibii-.. the blank emails wclc 
sent flolil Vicbmail a' < cuius -in h .is I li'Hruil. .' Iiuse :.ci m e. '.vcb applk alum leyiu 




process made it impossible for K.\tS'l' to see when' tlic emails were going or what 
hiformalioii 1 1 ihv contained. 

M IRA's head. Dr. Saad lagih. said ilia! It.lkr.vlng iIfs- rhangs-s. [lie number of Saudi 
visits to his silp rose In 75.111)0 per ilay and llial lirfrar long KACST abandoned ils 
'^rtc;i rs in block the site. 111 

[in! lo evaluate fi'Niiiini I-. ■ 1 1 ii' i:i'- .mI.mi ■- Ii i i I km nn.i.il and |olU1cal content is 
a monumenlal task. Com] mtei sofiwaic- can in ngum* Individual words, but under- 
standing tow they are u^d ;>\ an inrihor in i) jinen senlrnrc or article is much more 
di Ilk ult. Words such as " breast rat] he used 10 block sexual references to women, 
but the system may also block recipes lor conking rhi, ken breasts. Likewise, it is 



rellgioa health, educa 
puter hacking, and pol 
has safeguards against 




have been piisil Ire Fi-i-tllm k 1 1 .1 isl 1 1 1, 1 1 ill i.sni 111 nun i \.wu ,imsi hi ■.iilirv. 

A proper evalual Ion ii-.[uin'- wilijci 1 1 cri'S|»Tts wlin mi- fluent In the local lan- 

![iiii!;i-.ii uaniiallv wppiiMlPind Hint- (ii[ikii]iii[i<< undertaking. 

The problem fur censors is Ihai mm ivhd are luleiil on nblaliimu, Ibrbiikfcil in 
formation often find a 'a.iv <o uui 11 Ami Saudi • iti/1'11- : no dltferent. Some ac- 

, Mi 1 I UN t:i ■" — 1 1 1 l"| ■ I v i ,'. [::iili]]j 1 I'll i|m hit l"i:im::i]' a^-iiu ]i' il'H !:■ [1^ 

monitored'" Others rnui I..- c \pensive lelcplianr rails !n um uuriclcd foreign ISPs. 1 * 1 
1 tic rcas high'. Saudi '.'ilLirji^ liav. arqua'";; dii.xt 1;; i."iTi\lit,? 'iitc-mot access, ".'.■irh 
dishes small eninifih I!) Ml (li'.t i ■ . I h. dii;l l;:ik:uny or rooftop."' 

Blocked wi 



There are many ways tD vrtil cinall ilim nil-ran inivasi'd level of security, and all 

'jf llii'iil linvi- lii 'I'll uvil in Saudi Aialiia M.i 1 1. Aitiiuail siT\ii .■•all- fiei-unil .1. 1 

iei[uiiv iiM islDi.']]liri'i a Nil a i.-al nanu'. ' : U all" si-rvin", altriiipl id imiidh- all 



censors. II empl:>\s vii luaL piivalc inn >rki['a (Yi'Ml ledmokii'v 11 alleuipl lu 

1110 Iw- fll. " ' . . ■ r : ' 1 j. - 1 : 1 1 uli 1' ■ . ' rl i ■.- I : hi'.'. 1 .': .1. i:\il :.i j'.l'Tli iiU'TLr'.J. 

systems such as that used in Saudi Arabia. 11 ' 

Saa.ii \\ I'll Mir In • li.i-.v >il1eii ai. id.' in,.' i,i ,:iii ir:: an, pi' ,\v • -.villi h maki 

web requests ull a Usui's lieh.ilf. bv Miti-uiluliri" ihrn .M il II' fur that of the user. 
Uriwauuil Irarkiiij; soflivai c. mk li as a brinvsei -pinkie." is also disabled in lliu |iiu 





lulu rii'l. <. in in; I L.:i k ::l> luiiu:'^ :: .v.-i-i n:u- rn-, . .■ old is |'Li'.sid h', 

tilI.^Iki:!::. ;i'is1i.'I mail, r.r human contact. 

In Miiiiiii;,!'. uii'.'."!^ i. jiii:i]iii]:LiiIi::il: : I ■ il - . ■. UJl' IL.Ilk li' mi i '-'.'ilk 1 . ILL I'. IM.". 1 

■.inilv a : i :i ; ll n;ilr:< Iki'.v? ::r - .i :; ;h ■ ■ v.-, slr'n I In - S;:.i.li n.ir:.in.il 

linwall has hern siirressSiil in ki'mbiiji onlinar\ iito fir nil visum;; many anil 
'.lus:i::i an!; S:il:h:i v.i'r'siU'S I]- r. ;I is r-x:n iij'l, ihlli'iu f:ir an\ n 
lln'ir I::- |l|-H".V|ii 1 1 : .1 ■ ■ '.\ 1 1 h I !■; I. . ; i. . . |.1 : ■ : i-k n'.'lli'v 1 1: :lll I I ':]::;;' II r:'4 

I U -: ihi I mi il activities. 



that It Is hard to keep up. 1 " 

rity perspective. I here jut « in:, tiis lli.il hi' ahnv.'ainl hi'Viiml jxiliUciilcriUcismand 



Modeling Cyber 



in a Laboratory 




'I-'Il]]^!. 1 :. 'Miliiii III'- Ui'uikK 'ij .!■..!]■.■ |-.il.».'Kili ]' .1:' 1: ;:.i:.i.i. .. illii.'u; 
:!]■.■ :!■[ : _i H'. I !:>■: i- il-.l'.voi f v ' 

The need for cyber delenv '■\n>:i-ci C.IXX) i.s ele.ir. I!u[ Ihe complex and ever- 

..ch.e L.clcic ■ I 1 "i::|:u"ei I :■. 1 Li 1 1 :: ■■ ■ indnc'.i!,;; a u-.ilr.tL' (. UX 11: 

■^■iiix uiuur. fll^lluilj'f .iii'.l in; 1 .' 1 1 ■[:;!;■! il 1 . 1 i>n; hr.ii'm valid 'inlv for a slh>rt period of 
lime. [ he work! ir. c\|:ci iei' in;. 1 1 I \ ■:. Iihi C 1 : c.iiupirting devices. |nwtsi- 
hlg power, user tiLoiul K" ll.'i l.i ]' I'" iK. |li 1: li' al I'll: IV|;[l:iii. .'lid Wil-b enabled Intel 
llgencc collccUon/ 7 ' 1 At (In- saute time, a CDX iL-quic-s die simulation of not only 
adversary and friendh ion .■■..! mi: .-mi. -,[,■■ lj i-tl^[k-]d itself. 

Of course, till' iililitaiv e. 1 i.i :,Iimi]i;it In Liini|iule;v S'i|[...aic 15 now used to train 
lank driveisand pikilv i( 1- jK' >d !■] ---1 1 1 i-i 1 1 - 1 1 - I'.iKIiv ' i impawns, and even com- 
plex geopolitical sccninlii.. Bin ir n-maiiiM imiriAeNal hi nv tloiely a computer sim- 
ulation can model the nnii|ik'jiir. iif ill: u-iil wajlil. Mviiid factors can contribute to 
liiil.il .• 1 1. 11 11 i : iri II : J4H-IL: .■ ;n.-. 11 n-.i ^ 1 -. --.m 1 1 1 1 1 1 i 1 *i 1 -. nil 1 .' ah el- iln::^ .1 ?l.|-.'.i.l v '11 ine. 
system, and even political c-i msi< h-t'.n icjus. In 2002. the U.S. military sjient S2j0 
million on a war game called Millennium Challenge, which ivas designed to model 



with the support of the Swedish National Defence College (SNDQ.'" Over 100 par- 
ticipants hailed from ai rnss northern Europe. 

A robust COX requires a itum -J irri-i ir<-i 1 approach. There arc friendly forms (Blue), 
hosiile forves (Fed), i.iliniral inliasirtirunv (r.reen) and game management 
[While). The RTiind RTsare I he CDX combatants. The (awn Team 1CT) and While 
Team (WT)aie imn-riiitilui.ini s BT aiiacks a^iinsi eiiherin nuist CDXs are Mrlttly 
prohlbiied, 




BT personnel are normally real lite system administrators and computer security 
specialists, ['heir goal is ro dclem; ill.- rtautlciiiia.hv. ni'LCai-v. art: nvadahilit-., :; I 
of their computer networks against hostile l!T atiarks. In LiCS 2010, the. BTs were 
the primary targets insou. in: ih' jr p:u:;i'-v: , .\.i:, ii-.i..:krd by automated and 
manual :,( or iog systems. 

The RT plays the role of a cyber attacker, or in this CDX. a "cyber terrorist. - The KT 
attempts to undermine tiie '.I.'. ut U '. nc-.w-ahs. iimhe; a vac :et v ol hacker tools and 

Either way. RTs Inn like rea! hi.- h.i:krrs i-.i-vi .11- ..'ii'ii-iir.iir. advantage over their 
BT counterparts because [lice can often rnctliocilcalb ■-■.oil; their my through vari- 
ous cyber attacks until di. - : i" . ■■ I n: :..:..:!.■; tlic network.- ,:: 

The WT manages and referees the CDX. Normally, it writes the games scenario, 
inks, and srnri:-ii! '-vsrem ; he W'l wiT make in .qaiae . cra-a aients m aiKttnrT to en 
sure thai all participani'. are ;;ain:ullv emplo-.id ilnr.i:;;liooi the CDX. It also seeks 
r.a pvrvrru ; hi .Hi lie. I .'I -\.:ni; l ■ Ii : p.'ir'l i i. .a' " r I "i I appr .layl ro hi - lii lv 

li ■ .1:11: I -.la:c, a . IJ.X v/ninci-; 

TheCT is responsible for lie sixmos; and busline tiie CDX riTwurk infrastructure. It 
is the in .eaitie Intcrnr-l Scrva. 1: I'r.y.id-i tl^l'l. Id ; : |:.i-.v tr.i pnsr ^ame analysis, the 
GT should attempt 10 record all t.T)X network iraHir. With the aid of virtual machine 
technology 7 , it is technical.'.- possible ir: .-.n r.- run a t I IX nr: .1 hancilnl ol' rnmptitcis. 
Hosier, to simulate a powerful ailici saiv si:?uilV.inl resources arc required, and 
a time- and labor intensive C.iX is unnvaiilnuk'. I'l'he Kb lor example, should have a 
plan that itichcale^ r j l- ■ i ■-. . 1 1 1 . 1 ■ : 1 1 1 : -. ■: I si-.:ul. nr main-' an: manpower) With Virtu 
al Private Network tVT'Ni avcho, .to^ . Hie I; I'. liTs and WT' can be located anywhere 
in the world and remotely co mien 10 rhec l!.\ rnviroiininit. All automatic scoring In 
the CDX is Implemented by the CT. 

Cyber warfare Is very different from iraclisinnul warfare. Tactical victories amount 




In Is a: ■ u.ilK A , ■-.-.(■: .11 1. irk is lie si main slum I rail ,is,in mi] in ilv-if. Inr a. 

an EXlrarprtJinary hum 11s ina ivklr vaiictv nfcniis: n spin nay.' 7, denial of service. 177 

J-: h IITI" V I til J u [•[.'[ n^ail:la .:ll<l . vcrl [ill - iIi'Mi.l.iii .]i 11: 1 1 111: ill nil [ilMIiiCilll''. 

I he praiunv ja,,,; 1 at" i 1 (. I:X l.s II) 1 111: li.lv sillll'l in - lh: .ins. k -= m I ilrii-ils,- el .1 1 11111 

I h 1 1 . 1 ncuvutk. A1 tlir 1-11 lira] Irivl. ilir RT I ms tin- sinm- awls ,is any ii-h]--.vhi Id 
hacker - 10 gain nnantbm i/i'd micis In 1]»' [arjiel ni'Uuuk.- ■ II ailnmnsiratm" 
ni , iti(H' arrrs.s is olilain«l. 111.-' inrniilrr Ill.T.- I)--- able la insNill mall rim is sof't-.vaiv 
and erase [1:: namailLritt I'VuL-.-ir -.- at 'ALU. l-'iirliu-r a: nuns. pussdik. mini-d tu support 

sunn - piiiili' ..I (il mi In., iv i-.ial. Id Ian.',.- in impa. [ film I a mil i' ji .LimuvillKC tn .1 

nat nitialwurlty crisis. 

Inl rusl of a thi'Dicliral ill Inr k. Tliis in lain brlps nnlimial s.s milv pl.innns t . 
determine whether n p<-rsmi "jimp, ur riuiinn cinlil aiMnpt il. Fur example, II sill] 
unnanis dltlicull to i iii.i'j.i i il- a kna h.r.ki 1 |'.is:nv a tlniat tu a nalion stale. 1 "- How 
ever, inline c> her attacks n-i-n: rlian-j.-.- tliat perception. 

II i- .ihi '.si inni.issili:.. Iiii-i: -mil : ilin.nr.n < l)\ n, .jinnlaic 1 1 .1 llir.-.n pus.sl li> 
te. Mililary and inlellnn-nrr- ap.-nrir-s aie Till] scope" aclors dial do ml 
in rnnipntrr harkui;; In aclia-M- an iinpiirlanr nbjrctnr. Covrrnmrnls 
.1 ik-.-p '.'...-Il al cx;i'.-i ti:n- in man-. II ■li:.'.:pa:i' :.. ii. Iirki.i; . 1 ■ |.i. L.1.1 




pliv. iJiunrunimin;!. ili-li-.i^int;. '. ulii'.T,'. diy.uKi'. h bJiLiJ .svsloiils. CIl. " 
Those 5kil! sets are In linn sii]1|imi Ii.I Iiy i''p, i \ -, in I i l. -i I l i I srionccs. [*hysic:il 
slchi ily. supply cliiiiii uj.L'Hiiiiiis. 1 1'iiliiiiiii' 'il Ijumii''^. mi i.il '-njiiiLirniti^. " : and 
many more. 

Thi-S.itiiliaKaiinii.il I. tlmiaMli'-RT li.i-.t-il in Xi '.\ Mi-xiuj. |iMiii(l 1 --.iiiilnis[iii I1I H. 
Sandla has a lony Iratk rernid e iT Mjt if n Hy Im< liny lis < lienls. which luclutle 
mJ]ilar>' iri-'ilaHiLiitiii^. nil t t.itip;uiii-s. Ii^inks. i-Li-^rrii iiiiliiit-s. and e-coinmeite Arms. 



SKjiiiilliiiK Lilt-, iuiui- U.:Xi .i:r ttindir.Iud uillv in ,1 IjIkjm 
llat r till I t'il I llt-IWll l.s ill ill'' I 'ill \\::| 111. I'll ill' 1 lall'T c'.ot'l 
"tlabon! I In- l"IK lii-liin- il Mails, or the 1(1 al lark niav rami- 



In 1097. .in ST nf iLiiru-lii-.- C.S N. I S:-i inilv Aij-m \ (TvSA) |ieisi>iaiel ]>lavn ; ; 

i hi- 1 1 ill' dI Mm 1 1 Kiui'aii hackers r.n jii-i,'il In lis. r.i. iii.- fen hum ml from cyber- 
space. The (T)X mil.' named I ■: I ij.; 1 1 ils ■ K.Ti'iii'r. wm an I'lHirniHis success. James 
Adams wmle In Fareign AHau:. Ihal 111:- RT was alili' In inferl Ihe "human mm- 
111: I II' I :i:l:i " Ullr.'l sYsli'lll' 'Mill :i ' | ' 1 1: 1 1'. /1 11;.; li'Yi-l I'l :| ll-l ' .nr I Mill milling 
in [lie chain ol' command. I ruin Ik' pivsititiil i"i tl'i'vu. could believe ajiylhiilji."'" 
liirrhc-rmoi-f Llifiihlr i(r reiver teas rieditcrt with rcvc-alirij; ih.-it a tvide vonc-re ol 




indLtec 



:DXs that inured aspects or BCS 2010 
er Defense Workshop 0CDW). the UCSli 
he U.S. National Collegiate Cyber Defense 



The game scenario described a volatile geopolitical environment in which a hired- 
gun. Rapid Response Train ol' uehvoik securm personnel [lel'cnricd I he computer 
networks ol a power su|jpl-. compi:]]-. a;-'.u:i >■ in-- i.a'iuylv sophisticated LVbcr nt 
tade.; /I I'. n [.nn Mali:-, t.t: : :: ] jt group.'- 

BCS 2010 had three primary goals, hrsr. ihe ills should receive hands-on experi- 

. - ■! :l.-i:l I. I i :'!■■ . ■■].': i r. -\ -. 1 : 1 1 ' . I ! ill: il ilK'l l '|- i II InLM r.jr II : I . 

(CII) and elements of Supeivisorv Coiiuuiuid and Uala Aiouisilion (5CADA|.'"° Sec- 
ond, the t. LIX sienai in -.niL^hl :o 1 1 1 .lj. 1 1 _ I ■_■ ^ l I I ii ■ 1M1 usm-irul ii.ilure ol \ Ijl-i span.' 
to include the political in-"ii :iii:ii.i! an: I :. p;:l : a. !i ■- ■ . 1 improved cyber defense 
coopcra Hon. Third, partiripiiing leaiusueic nieam 10 gain a heller u nderstanrii ng 
of how io cunduci CDXs in ihe future 

tlngent at CCD CoE in fallum Km a. Tlie ■A T- 11 ingi nieria were designed to 

gauge the BTs ability to maintain the CIA of their virtual networks. Including office 
in Ira si rue lure anil external services -- 1 [u r tw eveni of eompiomise. Ihe number ol 
points lost depended on ihe ci.liralhy of I in- s\ '.iccn. service, or penetration. For 
example. II Ihe RT gamed Admin' Rixn level mre^ m a < iimputer or compromised 
a SCADA Program 1 11 able lugn romioller (p[ C). ilie HT wjk significantly penalized. 
On the oilier hand. BTs v.iiu nisiri'.i- |«)iu[s f.ji Ih.vai leil ai lacks, for successfully 




The RT was given access to the game environment two weeks prior to the CDX in 
order to simulate a degree ni prim- n [onnaissanre. In nntimize tht: CDXs value 
to all participants, tlie WT directed tlie UT to begin its attacks slowly, and to pro- 
gressivclv alLlcaiL- 1 1]': mLi ■ anil m ;•!]:■ :i :. ■ I :1 . 11! a .1'.' :l.:i:-.ul.i ■:!! [lie gaaiu. 

■ . in: t;vv li]. r: -.1. ! nr .n fh-.M\ |-r.' 1:; i' rki :rn's ann r.rhii|r)iirs 1 h.ir 111. 
RT could use. !ra However, the RT was slrlcllv prohibited ['rum attacking the CDX 
infrastructure.' ' and all nltaL/s '.-.ii'.' cinlii.id 10 ill 1 . 1 ■ uiual game eiw'noiuiieiil. In 
ternally. the RT divided itscll nun tour sub learns depending on the hackers attack 




twenty physical seivers m ea.-h i.irk ■ Ihr game ml 111 structure included twelve, 
twenty cenlimeier mil physsi ai ninilels ol lanmies. eai h with Us own PLC, SCADA 
software, and "Ice Fouiua.ii lie™ irks i!,ai 1 In- k'I'aailtl [urn un as "proof of a suc- 
cessful attack. The CT pnwlded the RTand BTs access to the game environment via 
OpenVPN. 



Finally, the WT had access to a inliiisi Msnali/aiimi .■ini:i.iimpnt- :a that displayed 
all Tieuwrk topography, iielwoik liallir Hows oIaciu'I ii-j. ii t-, rli.il < liaiui 'Is team 
workspaces, scuieliuaid. a in I a I.Tn^uliil map ill tin- i'DX environment.* IJ 

BCS 201D formally began when [he Ills ami llie RT logged Into the CDX environ- 
ment. But the most aniiripaii'd an 11 anH.'il when ilu' Rl" began Its cyber attack 

or the BT networks 




Jreaching tlte castle wall 




the "(yberwarfaredivisKvi'nf an cxiiiMiiistPiivimnmPtiial organization called ^3" 
demanded thai tin* power raiii|i,inj h announce Ms inlt'tition to rnnverl lo 

alternative, greener pmvvi ... 01 fai r a < iiupliii;; i \bcr allarl,. Tin? RT succeeded In 



reports tliat the WT had lumhlr iMtisl.iiiui; ,MI Ic negative poiiits for 

tlieBTs. For example, within ,m hour the if]' had established a live audio and video 
eonncelion into one II T network; in other minis. I lie 51111.' had barely begun and a 
dh;il.il }.]>■• \\'.i L \ a It' vi.lv v nrkinj; inside on.' 1 ■ r 1 he puv.cr iimifianies. 

In tlK pasta major thalleripii'irili-rri-iil 111 Cl«s is lh;il![li;ista;Ti dlffitult for the RT 
10 iiLiirujin bakitaei: .mil sustain..-.: picss.ueuuul. I! Is ibmii.L;h<jut the game. Atdii' 
fcrcntstagcsinaCDX. sntne BTsrnuld acquit'- husv. while others had nothing to do. 
To help avoid this Hie WT instructed tlir HTihal. lor each vulnerability discovered 
onaBTnetwork.tlieRTtiMstsvsietnatitallvthn-kalluthei 1! 1 svstems for the same 
v.ihi.'-ra^ili:'.' and i-vi'loit it it possible. 



Phase three called for the HI to steal the 111 networks' "c town jewels.' In BCS 2010. 
ihese '.'ere the internal ne-w.-uk en in lets thai set"..":" .is ihe IIMI for power gen 
oration and management, i.e. its SOMJA inlrasinicture. .\IiIioue,h the RT was quite 
successful in theCDX overall, n claimed onlv Intiitetl virlones m phase three. Of the 



is scill unclear ivhctho;- [his l;T sunns e.yis mtenrsonsil or accidental.'" 

The fourth and final phase of l:CS 3J1U. "waiuou destruction." allowed the RT to 
attack and destroy any li'l svitem in t!iu UJ\. The him! esus to simulate a desperate 
attempt by K3 to cause maximum disruption lo the puv.er companies' operations. 
Unfortunately. RT successes in this phase often denied service to the ssarac comput 

tions of network infrastructure and neajly rain the game. In this CDX, for example, 
the RT used a cuslom coniisiuriKi Cisco ronler Uj siinublss [[sillies at cine point, it 
created such a high volume ol (isiisi itisu i lie I! I' dmisii it sell access to thcgamcncl 
for 15 minutes. 

The RT successfully ailsuskcd several publicly- known vulnerabilities during DCS 
2010. including MHO <m,. MSI IS OCV. US10 02S. and (laws in VNC. [ceeasl. Cla 
ItlAV. and SQUim. I[ hsukcsl sich ;iii[>]n:;il i< nis sin ii sis hxiinla ;ind Wordpressand 
also employed SQL injection, local and lemute lile inclusion, path traversal, and 
cross-site scripting againsi l.innx. Ap.iclns. Mysql. and PHP. Other tactics included 

hack Into more machlties. Tlie IiT Installed Poison [vy, netcat. and custom made 
code as backdoors. Metaspluit w.s.s used tmlcplov icvcrse luckdoors. The RT modi- 
lied con ip misused ;>\ sleuis in v.u'ji'us was s such as alien u^ the victims crontab file 
lo [ iiniiniiihiisly dl'ip II 1 ^-.v.ill rules. 1..IM lull mil le.i't I Ik- RT jitsssessed a /cm-day 
. Iier.l 7- i k - |-Milu : l ii:! '. : ; 1 1 i.sl lv 1,1 1 ,\v s.r il I . ^ isli IS e Ii .; :.>'. 



cumillunicsilioii chsimif'l fssiils slis ( os.sious ■.-.illi Ihe WT. i.e.. mil [ lie ill gams email 
system, which il assumes I illicit lie coiiipiiimiMil. i'insilly. I lie winning RT was suc- 
cessful i u T: 11 in is; ,ii i: I riissililii," jii,- -,iMi i ig ii's ir^isilliil mahvare."' 



SIC Ttit aTiiMyfuvrKnllrnluhy wlulr^ifdiiilnli^lltpSCALM^ulliusiCiruiHXul wutithi-li fuznnt tnnK 



short shell scripts: for Windows. Active Directory (AD) group policies, the CIS 5E46 
Computer Integrity System Kernel Guard, and the central collection of event logs. 
ForallOSs. Ute white/blacklisting and black lug/ black ho leioti ting or offending IP 
add] esses, nil a case by case basis. ]iioved invaluable. 

Tile Cooperative Cyl>er Delenre feniie orF*cellruce (CCD HnF>. Ihe Swedish Nation- 
al Defence College (SNDc; and die Swedish [vfi.nee Research Agency (F01) believe 
i hiii lies 201 n ace, nnplNied n. Muve primary goals. 

First, the GT network lulrastrui line umi'idet! a sullicienlly mhu St environment for 

andSCADA.enablrd.i i ■ ■.. i ■ i| Inst a highly-motivated, capable RT. All 

n ;i:iv '.veiv Ink' - i.-.-,ii;-.k,1 i|n'..i:;h.iiir III,' ia.i tlnv cyi n is:- mill vrrv killi- d.i-.yn 
lime was reported. Further, [lie II'. S 20111 sccnuno desenbed a "cyber terrorist" 
threat that may a Ire; ttly en: busier I he irnnni.il sir uriiv of ^miramMiB around the 

world' 1 " 

Second. BCS 2010 was a truly international cverersc. ISetaLise cyber attacks can be 
launched from anywhere in [he world anil aie likelv to Inverse third-party coun- 
tries en route to a target, it Is critical to develop cross-border relationships before 
an international crisis occurs. In BCS 2010. over 100 personnel from seven coun- 
tries partii i[ialed. Nu melons international partnerships wvic eil her established or 
si rengtllenetl din ing I he course of this project. 

Third. BCS 3010 conducted .i post ey-u ise panic ipant survey '.villi a view toward 
providing a list of lessons learned In hiiuie CDXs an ii 1 1 id Ihe worlciJ" Heie are [he 
highlights 

• There sliould be at ieasi one YVT member per BT and iwu WT members on 
the KT to allow for sufficient nl nerval inn roiiimiinleati™, adjudication, and 
■ briliraijcui on scoring 

■ The WT should include a cyber savvy lawyer to slied light on the legality of 
iinseiipletl attac 1: and defense scenarios. 

• EarhBTmusf have at bast one full ilme '.V I appointed 'dumb user" active on 
Ihe virtual network to make client side ailacks possible." In BCS 2010. the 
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Prior to a "live -lire' >"[« -ill jihi In i[>inns sin ml: I rlcvme iiii< lull day to testing 



:\c\-v\ h.v.' iinp.ii l-.'il :h.' n.il 



4. CYBER SECURITY: REAL-WORLD IMPACT 



Cliapler 3 descrllred a Hide rally nl l.'rhnlial [ hallt'rujt's I" serliririB Ihe tiller 
OM and revealed lhar even our national critical Infrastructures arc hi risk. But II Is 
always important to correlate theoretical discussion with real world events. Have 
cyber attacks truly had an inllui'm r il Ilk' hiejir.',! li'iuK ol government? To wlial 
r'lh'HI h.,M- Hm-i ■ J i 1 1 1 . =i tt-il nalliMial -ei nun'.' 

Cyber Security and Inlenial Political Security-- 1 

Inli'misof domestic seruntv.a ruajui i oiisidci .L;iun fur mam nuvrmmenls is infor- 
mation management, if nut information ruin ml. Hie inuM famous Maniple comes 
from Ikllon. In 194!). In his rum I iVm.'iei';! F.ii'Jili -I'ihii George Orwell Imagined a 
upVerntnenl that ivayed full I Lrn. ■ liilui nialiun w.n fair' .iijain.t lis own cltl/erts. With 
the aid of two way Internet like- "tele screens." :1: 

Unfortunately. In 201 1 some countries an' nut far Hum Orwell's vision and media 

.-.II : ■. mil'. -I'll II-- I h.il .ih - . ■ih'hilK . ;,l!|»I l'\ !■ I" ' inn- - ■! " , ii- :i - I : :| i'v.li 1 1| ik'. Ill 

North Kon.'a. tile work!': .'.1 i':.^.lv l- anil imiIui. I .'luuuv Hie perceived threat 

to stability fioin unrestricted access to the Internet is prohibitively high. Television 

I I.nli \ null y.nv i.tii, Iciriin'h mid ll'in e, In Ou'.vlli.i I riialiuii.il Inli-r- 

cum' wired Into tesldeuu-s ami ivoilplui l! ir- .1 i^li. -in l he I uuntry liilnugh lllllch 

Nnrth Korea's aging leader. Kim Jong-El. is said lo lie fascinated with the IT revolu- 
tion. In 2000. he (jaw visiting US Secretary of State Madeleine Albright his per- 
sonal email address. 1 lov.vv..." :. i.uK|jui -.■[:. me mini uilaljl'.- :n ■ nduiaiv North Korean 
cllliens. and it Is believed thai mill a small tin le ul ninth Korean leadership Itave 
free access lo the Internet. 




tend the Kumsong computer school, .vhore c I ii- Lutrlculuui consists of computer 
programming and English. The students ji i t' run allowed 10 playgames or access the 
Internet, but they (In have an instant messaging systeiinviihin the school. 



Moscow anil Beijing. The\ are managed hi the Km en runipnler Centre (KCQ. eslab- 
llslied in I99D. Reputis suit's! that KCC downloads ufliiially-apprcved research 
.mil ileuliptnenl v. lilt ll 11 o'ler. Id .) vi i v short list nl clients. 

North Korea's oltieiid stno;r ' in lull I I ■ i:-:i.: i uvil'. :■ ':: n ll:c government cannot 
toleiate die 'spiritual pollution' ul if; co-uolrv 1 1 i'.m South Koica dcion: lined 
that North Korea was on( t ill i nq. ji state run (■■-her casino on a South Korean IP ad- 
dress. Since that time. South Korean romnanics have been barred from roRistorinfj 



North Korea is nol alone in leoiing the power of 1 lie Inlnnel to undermine its do- 
mestic security. In Ttirlniienistaii President l'or-1 lie Sii|iai innrai Niyaiov - the Turk- 
menbasht or Falter of All - died In late 20n.fi. hut his personality cult and the 
tightly- cont rolled media he lei I behind have had a lasting impact otltlie country 

Information and commmiaa,lM!ti l«hon!og\ is w.^fulh uttdet developed. The Turk- 
mentclekom monopoly has allowed almost no luteroel access either hum Initio 

handful of officially apptovei I "f bsLtes In 2\y.l\. of all the countries of tlie former 
Soviet Union. Turkmenistan had ll.e fewest nuiuber of I I ( erlihod personnel - fifl)' 

eight. 

In addition, the CIA rcpoi ted m 1'UOi tha; ttiere wete only Jb.UOO Internet users, 
out of a population ol .""j niillinn. hi 2I10G. a lurkmon (oiininlisl who had worked 
with Radio Free Burope died in prison, on.lv three months aller heingjailcd. Despite 

tepeated totupean Uuii'ti ibl i :ki: Is. llteie b.is been no investigation into the 

IncideiiL 



Iwdv/am Iri .ivniSnhS.- ir. I'm lan-n M in. an.l ri'inp;]!'-- nin;; l=, popular. Alsn rlir 
iisi-nf salellileTViKiw rh-- i Ki-. wliii Ik mild \ -,r 1 1.,-: I iii in ipnw Internet connt'cliv- 

Thc world's largest and iilu-: -:;pbiMk-.m-o kilianit Muvdllaiicc belongs lo the Peo- 
ple's Republic of China (PRC), which employs an army of public and private"' cyber 
security personnel [u keep -..■ai'.li ove:- Hi. uLi,:^rL'.. I In- ll«. h.y.i strict controls on 



jjjon. and pornogi-apliv Some sites. Midi as CiHifpV and BBC have been completely 
blocker! J'nr a perintl ill time. Seaivl: resii.ls are hi lie'.vtl i.i I j l ■ lillr-rrd by keyword al 
I lit- national galei\a\ ,md mil In neb browsers In China. 

1 Ik high lf'vr-1 ill sophisl nation ill I llinese l]ller|-el sin'U'tll.iurc is fvkienl by the 
linl iliat some URLs huu' been blockcel. v.KLIi.- i. urtespDmlhrii lop level domains 
(TLD) are accessible and webpage content appears consistent across the domain. 

I j ii-. : Ii;:ii.i:i | u: U' m il lii .la:e l elisor.- Iiip (i.e.. the i.'. a.ai: is nol 

1 ' 1 1 1 1 ] I' 1 [■■ 'I '-- nun mini" I) ,\1 lb- i-v.ri-i in ;. mini - I'I::li nil I i'-- i|i|.'->: m li.is" been 

edited by censors and reposleri to the Web. 





IO support a lona. term UTJIfu;. of iimi conmil. I'liC liilcnicl lottery chairwoman 
Ilu Qlhcng has stated thai Chinas goal Is to achieve a stale of no anonymity" In 
cyberspace. 

Chi no s fear of Interne! h'lvih.m is slnv>. I ':/, I nl.i '.vh<i',e highly educated popula- 
tion lacks regular access m the weh S|m inl iiiii I hi i/nlin:i is [equlred lo liuy com- 
puter hardware, and Internet ennneeilon codes must lie ohtained from the govern- 
ment. This has led Ion ImviIiIh nln-i I Jack ni.Hi Id Ini I'Munpli'. sludems have been 
c.pi-lkc lro:n schtKil lor Iradiir; In iniiicrliuL cink s.S<iin i uliani h:ivc i.umer led 
to Ihe Internet from Ilu- liunn-s of cspalrmirs. v.Iki Iwm- iii turn lieen threatened by 
[be police with cs pulsion from 1 lie country. 

Cuban Decree-Law 2UU. mil ten in LLiLKi suits dial "dittss flora the Republic of 
Cuba lo l])e Global Ciimpulei XHivnik mii\ ml violate ' moral principles" or 'Jeop- 
ardize [i.iii[:c.a! v.<: mil'' lliecal uu'vn: '•. lanzictlier:^ :an :arn .■ pnvai scnlene' 

of five le.us im-.li nj> a (o i-o-volulioiiiLi y ill I.'. ?r\ y.-,\\-.. A I livisl Iv.u dozen 

i'inrn.ili : ;K air now sr i \ i njj, up m Li -.ears in prison. 




In Burma. avcrnp.o t:ili?ens access nol I lie Inrnm'l per sr hill I In' M\ annul r I run 
net." which Imsl.s nnlv a small number c.l nllinalb.- sancliiiivil business '.vclisjlcs. 
I'ai [rl.ii ]!'':'.■ m.ij: i.|.'"ii:. :i jiii.iiI ■ 1:1 jr. .,:i Jn.'A'. J: i"tn:n'.':i.L.il ilIj 



expensive. The Burmese average annua] income Is S225. A broadband connection 
1- SI.LiWl. ii]i. Iln must ruiiimuii fuiiiHif aeri-sv is fin K) huurs: outside the 

citi:-M)l Raiijid Miin.liiln> limp, (lislnnre li't'saie nisi) leipiiieil. Vjitraiire In a 

cyber cafe Is SI. GO. 

Ai-anclin{;1f) I hi' IBS'fi fiinijiulHi Si fc-111 p IWl ijiiiieiir l.a'.v. all itMttmfc it'ailv mm 
puttm must 1j- li'Nislfifil Willi II11' iiiiwiiiins-ril f'ailniv w i!<i sour sharui<; 1111 In 
u-i lii't ( oiimitiidii ■.villi aniith.-i p--isi in rall ies [in Mines nf up In v.'.n s in pMsnn. 

Burma's 5tate Peace and Development Council (5PDC| prohibits "writings related 
10 politics." "inrQi'iect ideas." criticism of a 11011 ions 1 111 uuw Ivpf." anil anything 
rirnenlal In [lie cunriil pohrics lined 



s'"i:l ■ i:.:-'i :i.:l I ^ll'iips .1 :i as I 1: . LHnill I ■ .llnior. nl'l i.iui MiCiNlt. have rum 

palgned fur greater Internet freedom since isse. But them is little resistance to 

Inn tmci p.ovrrnniKV v.ilhin Kiinn.i ns.-l !'. (hie ::: us iiie.h 1,-vcl (:l p.ilinral repression. 



citizens can conned to the web - around 0.2% - through a Funnel of roughly 170 
1 nler net-connected c ompule rs. : ' " 

In Africa. Eritrea has plau-d :in iriJVi us mlt- hs lhe InM rnumry logo online and 

the first to go offline. In November Z000. Lrltrea opened its first national gaieway to 
the Internet, with a capacity of 512 Kbps.- Within five years, about 70.000 people 
had accessed the neb. mcstlv trom a "walk in" ISP. 

There was no initial censorship of the web. but in 2001, human rights in Eritrea 
began In deteriorate, in «>(M.nll cvhci rales were physically transferred lo govern- 
ment "educational and lesean IT cei ihtv lhe nil ii Uil i. msi hi wns lo control pornog 
i»ph>. Inii :niei minimal dipl: kiwis mr sli''|iin ul 1 if i hi- explanation. 

Historically, oral trndnccs in Mii'M l-i i ■ - pkivd i pnv.vilu] role in fostering na- 
tional solidarity. Radio and rbndrsiinc radio stations in the Horn of Africa arc skill 

in I he Sudan, loi cample, has busied llnci st |>nralt ami hi; h. Mil i.nii.i Minimis 
simultaneously. 

Given the low level of liiieniei usage in Ahli h. piillin.il lollies are slow lo shlfl 
from the radio spec i run i in cvlier-sparc However, via ibe wnbrven I he most paro- 
chial factions are able In appeal In [lie crime world, lherehv creating international 
political and ecu non lit support tur liieir : misc. Sues ; '.lu ll as Pan African News and 
Eiitrea Online offci a sui'diiL: .ii.r.m.l el iu:»: ui.'.lii'n .mil analysis, and their influ- 
•'[K e will onlv grow i ivri [inks T'lihr. KilIi'm :i.is .i p:i|»i|.niiML of around 0 million. 
(ifwliiclHiiilyaliimi 200.000 con nee i lo the web.'" 

Two Ihmisand miles In [In- smith Ihe jinv.-iunicnl of Zimbabwe Is engaged In a 
deadly yanieof hitonualicii wail. ire a.iiauisl us own citizens. 

In October 21)06. f'lesklciit Ucbeii Mugabe re|.iuiledly met with his Central Intel 
IL^-?ixc Organisation [i:iui h i ■ lv pu:';a - I n.t li-.r:i^ .'inn intci not sender pin 
viders (ISP). Operatives were to "flush nm" jniirnnli.sis using the internet to send 

"negative" infnrmalinn In inleinalional ila. The police worked as cyher cafe at 

H'lKl.inKanil pu.ed as weii surfers. A pnlii .■ spak'-sinau . nnliniK-il llnl I lie ibaciii 
ment would do "all It can" in |ireveni chwiis In mi w nihil; ' fa Iselioods against the 
government ' Jail lerms weiv up li. ais in length. 




ThoZlrrilntereepliunuf Luiuinuiiicalions Ldl HOT loiter: ISPs 10 purchase special 



similar path as other authinlarian <;uveinin:-n;s. Hiving monopoly control to a stale 
controlled firm. 1 " The lenso:'. n. j l i |_: il one einitv cun'.rols all gateways in and 
out of the countrv. sunn I luxe i\ -m-h '"."i^lei mir! liir government ran charge 
wharovrr prir.e i I desires. 

In many countries. ;i major- I h:illrnr:( 'or die !iov [Trillion: is I he speed with which 
millions of its cilizens liar connected [u lhe web. hi tliere were jusl 1 million 

kornKT president .Mi M :l .:: I ui j-.h e.aniL ■.:.■;. .: thai lb.- Ionian government lias 

Muslim values an' emphasized, onlv siles llial an' "snilv insulting' Inwards Islam 
are censored, anil plili: :il i:-]jij.i<;: I id:i ';ilos an: accessible. 

However, the OpenXci luimmvc csUmarei Urn abjai Due rliuil of all lnternel sites. 

most otTen relming :'i p-: i i - : n ■ - "i _j r . ■ | . I : ir ■! i I .i:].-iit-j:: i :i;4 soil ware 

are blocked by the Iraiaac unvcLiimeii:. '.V' ■!:■■> :. are ::i:ue likely to be blocked if 
thev arr In I am than m I neli^li. hi kic: in Inn ii K i. i lin. nl;'.- illegal to across "non 
Islamic" websites, and l:i mavirimri: |ien:illies :nr doing so include severe punish- 
ments. In addition. Iranian Ill's an' required id install web and email liltermg lools. 

Human rifihts groups, such as lioaoirers W: I hour Ikjidoi- argue that since 2006 
all Iranian websites have had to register v. na Ike amlKiiities to demonstrate that 

as pliulu -sharing Fliekfi an: I video slrnin;; VouTubo are inaccessible for reasons 



On March 14, 201 1. UN sern-iarygernT.il Han ki moon siaied ihai hp was 'deeply 

trials. and possible Ku ril re and ill liealiuenl ol bui I n;ii l iighls aclivisls. lawyers. jour- 
nalists, and opposition aciivisis" in [ran. No U\ liuinan viglils invesiigalois have 
beenallowed to visil the country since 2005. Since June 12, 200B, about 20 foreign 
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of their press aids following a demons! rail on In February 201 1 that was organized 
IO support [lie revolution in E-: S v]>l. Alidalnva Tajik. I hi; 2UIU KSFFNAC press free 
doin |iri/e if i i|iie[il.iv,« e.i\fna'i' y.'.ii jall term.'™ 

During the early 2011 unrest across the Middle Last. Iranian authorities increased 
surveillance in cylx-i'spu i-- In unit in nl^lim i anii-iinvi'i iiiiient prolesls in Feb- 
ruary Z011, independent and in:) rip[:!;;,i:mn v.fliuli;;. nidiulinj; www.farii ru.com 
■ i i "I Mil mm lew. i up, in-it> blocked, riioi Hi ami n'i'inii' iirmonMialinn-, In nil II mill I 
speed has slowed down . .ti;;i nv.;iisl\. Ml -Ij i I l- pjioci- lmmI lex: mesSLie.c t rati r- was 

diMH|iicil S,id |]hi ■ l\' b c|. ,!-,[•, ■ ■->-, kill; h-Ihiliib n> lii-.vs nlmul [lit- n -veilur 

Ill tevpt.vvcre jarniTit'd. I In.d.v. In in i-il.:i" in icdii;i' il-i- number of calls Ebi protest. 
Ihe name of the Persian mnnih ■luhinan" iiniip.hly i on muling lo February 201 1| 
was censored."' 




mous system admiiiiilr.inn- jimicil an allijyd nlljiial bbu NIKi of banned sites. And 
IflbnnlM Iranian !i.;;i-:!.i[.n ■, I i ].f:i'.'- i .ui:j.!ii;i:.l .ibi.nl : i-11-.nrsliip. even p'1-.t 
in); IhchiTiiielsiils online. 



In the Internet age. [he pim-viol i : i ar 1 1 ; i n i : i i ■ ^ i i . -.1 ; ■-. ,~. n c ! i i r i r i\il Hijdety to overwhelm 
gi'Vt-Nimrii< ^labilu^ b;i- ri-t ii in nrvv In ii;h[' In .1 ■ law ■ niiji d'etat, the national 

.: .". ivnn ■ ."I:: 'I I: I'd '■ I'l 111 ' 11^ | 'I t".'- ■.■.'■if 11 i-^ I :r !i [ V 1 .1 llliill.li".' "ii'; 

tlves. But [he Internet lm- i ha nerd the rules ot Ihe game. Now anyone who owns 
a personal computer and .1 l\;i:i I-.-L lii.'ii t'j the Ii-iLi iii-1 possesses both a printing 
press and a radio ir*i nsiiniie-r in ilHrmvn Hhhi fin ilit-nnmc. the entire world is 

\inii(iii[aiiiin i;(ivern[iit'nlv will hi-b bnnlers -.'.ill alli-injil in [art- duivn III" In 

teiriCE to a maiiaeeabL.- ;.]/! . luui :n 11 1 111;. <i: |ili-. ;.:c ;il inli astiuctutt; (e.g.. no uil 
monlmred Internet cafe^i and nifni in^mn nnnenl ,<fiiy>r.liip). Common laws gov- 



1 30 -Human d[to inn^Hplois-' z°l 1 




A cliulleii^e li'i an 1 , now l'.'iii 1 1 li liLiliim 1 -ii >c iiji] l>v dictators - is to find a 

liolmice brf.vocn loo mil-, h .mil ;ou In].' I nr. - :l inEui in i"ion. Although e.::vi:-rn 
mcnR rjiusl hi? given ;i] j] 1 1 c j] j i i ji i l- !,i\y rnimvnivni pom is. ihere may he tempta- 
tions lo abuse them, and risks will follow. 

Governments like those in Nnnri Kouiii mv doomed u> lei! minimally. Tlie Internet 
liiliI lr,i[ii.:i] bchiei thrive CM] lln u;.»u i \' li.ine-.- kit'.u Million. It' civil society 
is nr,t "iven sufficient t'rondnni in flourish, the iceji-ie -.vlli die. In ihc InK met en 
chokinfj online freedom i.h'K .ilso eni.iils chosei'; Ion.; II nn economic prospecls. 





Case Study: Belarus' 1 " 

"torrmillaw.'-" 

I hi- BrU ii-.Mii hrMdnili.il Ai I mi I lis! 1 .1 1 i: iht Im-i Ih ri ml mis nisir h .il: lur.li.nvil liln 
[hrriimuiv.^ ■ Tl-fir .il l- frvu-i !ii : in ll"i |iiufrssi, ,ml ,(ii.ilil\ |in[i:iu<i jiirssrs milsltlf- 

nl -.(.in-' "I I ■ ri'li-iisiii[i,mili,iiliiisl,iiniiis ri v |. . ,i'..inl ni-v.s i;.ilin 

I'rllliT - fin I. 1 1 nl'hisliij; I III 'i! Hi rlr-r - .hii,1 ,11 Kiissi.in TV is h,-.-ivii\ i ilisuiil. : 
III 2riri:1. Fieri II 111! Hi. I IS.- Mllki-[li:lil\ Tillklll.TiisIilll li.iv.T limn Elrlm lis 111 Irrmsill 
ilelHHcraty amoniilhr iiiuiilrirMiriliH [miner Suvlel Utll0IU :,n 

Till- SIMlr 1'VVii. lI I'kIii.;.-. i ill! iiiiiiiii|.i .|^- |\ llir si:li- j'lii' li II I 'if li'li jilliill- rlllil llili'l lir! 

(■(iliriH-[(l'll> iilrh.nirll nil. ml .'-'.I I nil' I ISI'sr ! rm,nj,;I, I !, - 1 1 (-■ |.«( nil ilir ulily 

I. i. .1 1 il I il. I. 'in -ii l.siM ill: - Irs III I v vi,, 1 1 1. ■■ .1 i| 1 1 ii,:- iii - ,i, ...i I, ■ : 1 1 1-: .iii.I r -s I . Il 

iiri«iiik. [S.isNi-i. Si i ii i niftt-rniiii-rii "inn i ils nrr rnfiiii i-il on .ill I eli-iii inn ii in ir.i- 

lli IMS iPCllllllllji.il-V liir |-\.llll|llr. n.lllSiriv-'r S^ll.llilr ,111'IIHMS II 1 1. 1 If M(']ltlUll\ -III- 

liiuliilinnl. Ilrli.-li i iiiiili.is li.-rlimiii-riltiPpci-ii mini i liy |j.>i mil" .mil uf in jimmy 
;i ..li'llMllstr.ni. in i.f Iilk.lt lnv.lllN ti> .ii.ii/-s ils services. AI leasl nut- Del. i nisi .ill 
JountSBsl te reported lo have "disappeared." 1 ' 8 

As in 7imlulmr. t he Hi-ll.-li r>ni iiniiKipiilv si ill I is i-. iiiliTiilr.l iml .inly fur jjcverii- 
nuTir nvi'isicjii. Iml alsn in iiv.iiimi.'r Ilium i.il i;,-ilii. his ilir |-.iIiimiv source of rev- 
enue lur lie MlnlslryorCoiiiraurHcaliunf, (MIC|. J " 

The Stale Cunli.-i for lulin inaliun Si.-turih (CCM). in i.h.irge iirdcniestlc. signals Inlel- 
ItgaiCE I.SK1IMT). controls Ihe'.hy" Tup Level Domain (TLB) and Ihus manages both 
the nalkinal Domain Name Service (IMsIS) and webstle access in general. Formerly 




|i:ul<il ibc MjrusLa.il KUli. UUil ic-pints JiiL-.lK to [Vskkiit !.ufcjshL.-oko. " De- 
partment 'K' (tor Ktioep or Cvbeii. ivitiim I he Mi nisi r-, o I' Interior, has the lead in 
pursuing cybct crime. A 'i>ilui:i:n lii.-iii.i "!li u-.c in iVI.n >r. i- ilcfjllihlg I he "hotun 
iintl ili|;rii[y" uf ^[iile officials'". 

Belarus already has a M;;m(ii .mi hisi nival imliiir.il b.iilles in cyberspace. In 2001. 

2003. Z004. anil Z0nr>. [nleiiiel *i ess probl were experieiced try webslles thai 

were critical of the President, stale- refeiciida noil/or minimal elections. While the 



led the w hill 
:rs who were still 



Election Oay 200T> pio\i(le[l [lie imrld ,11 lilIjiiiiuis e\.mip!e :>l iniiili-'ii iU iy!>ci 
politics. As Belarusiam iv ii> i hi' poll- mi Manli Mi thirty-seven opposition me- 




liuvcrntiictu piotcslui :. cljijied ■■.itli ::>.i :h".. the I:i:'. , in.. , t v-.js inaccessible liom 
Minsk lelephone imnilii:-:',. ^ inornh liLU-i. v.-h.-ii .111 .:|;f:osilii)n "flash-moh" was or- 
ganized over Ihe Internel. .in iYine |-ai 1i> :p; \\v:v |iiunipllv arrested by wailing 

policemen.^ 1 



Similar to Iran, a piliwv k-ssim final lielams is dial Iniernet filtering and govern- 
tne.nl surveillance 1I0 111 ii have n> ln> ( (impieheiiMif n> he effective. Selective lai-get- 

iiij; of kini'.Yii .idwis.ines anil eased compiiler neluuik nperaliniis al : villi al 

points In time, siicli as dining .-Ir'.tit.i is. can he very useful 10 a silling govern mem. 




"Belarus in the Context of European Cyber Security" 

During The UrsT tler;«Lp ( if I III- 2 I si ii'iiunv [iilerrii'l censorship in Belarus lias 
in nine ;i cmcriuiienl (m J used hi nniba! political (iissi-s:l. Tluh iHijjHiiij; cylii'r 
CUTllHtl between Man- and nun Mali' minis is similar Hi I he struggle helnM'ii I In' 

knssian i urn nl ii. iliimi'sii' in I v, is .Hies in rjbBrspace. 

Slate-sponsored polihcalh aiutnalcJ UliiijIu! il-i vice IDLIoSI attacks against civil 
society are unacceptable. In Belarus, this violation nl Ir.-cdotn of expression has 
become a national crisis, lini l!ir- pioblom is m i fuulirred ■.uthin Ihese borders: it 
threatens the inle|;rily nl Inlcniel lesourct s in oilier t'.irmpeau cnunlries as well. 

Mndem technology ull'ers I he '.vnilil sisinilii a nth iinprnved coin inimical inns, lint il 

infrastructures. This not only violates human lijihls. Inn it engenders long-term 
political Instability. Deinoualir slates in l : .nni])e should v.ovk lo strengthen inde- 
penilelir 1 ill i'i i i:-r inshlulloiis and 'Mend tin- rule of |,m in tile whole nf Fu |[J[ii-.il I 
c>bei5pace. 

Alexander Lukashenko has g. n ci neil llel.iiiisas .uiamoi ui since a disputed pollti- 
cal referendum In 19%. His 3111 nim-ul Ins siippiessed fivoiloiu of speech, and 
for over a decade there has been viilually tin Independent ttusilia hi Belarus. The 
popular news[iapers ofthe lflSOs have ceased to oxlsl or liave seen their circulation 
greatly reduced, anil liHlepHideni radio Mixtions ha\e been closed. Sadly. Ihere has 

Tilt- luleiuer. des|ii:e its hi«li "isl in fielaius. has nnsui prisineh lieeorue l hi- null 
souice nf objective infniniarinn for I lie niajoiily of [her ilm'ns. The number nf web 
user s has lion grown In nearly luieouarleiiif I he < raintiVs pnriulatinn. 

The Charier '97 wobslle lias been a leading Beliirnsian re for public policy dis- 
cussion Tor over aderade However, hcraiiseaiartor o7ls known Tur siding w Ii h Be- 
larusian political dlssidrnis thesiie has been 1 1n- t.i: i nl invriad slate -sponsored 
Inlfinol inioi malinn bloeklllf! sltalemc^. 

September SI. 20!) ]■ hi laiu-i.ui Itl'tille! users ilisenverei I 111' power nl eovi in 

incut it) wage cyber y.url i^ninst us own .ni/eus ..n die day of Its own national 

presidential rlecrioris. ,'u )■. . 1 ■ i ■ : r ■ ■ ;. ■ : .n I I : i. :! ncivss to many popular political 
wobsries. -Mlhoneh tl- prihibit. ii sin ■• n.jitie.l ; i r i ■.■i-.|' niLtsi:|e Beljrirs. no one 
in Belarus could view lircirr urilil lire I ul low rug afternoon at 1600. when the Internet 
liltoring- stopped. 



mntiicaTiaiis moii'ip"!'. :■■ |.: -. I i ::i II' I " i i' i ..-n he lik. ted at a envernmcnt 
Internet Service Provider's llSI'j network miner. Lmsral snlclv on ihe Internet Proto- 
col II P| address of the websites in question. 

i \i'Vev. I II ...III In ■ equal Iv siiy|'le !■: I I I'.li 'I' I : -1 II'... ■:' : :l 1 hi' i : - IIMill'll r ellvt.. - lu .ill 

derstund exactly WIiiiL i« li.iiipc-inr 1 1>. Fun simple. I hi: ■|r.i::eroole" computer network 
utihlv. vvllic ]k incasinc:. tli. p-ith: cn.j : km I'll linn:, ul ij.i F.lI:, Litioss networks, '.jii 
be used 10 spot lite: vnl p:;iiu i;f nr:-.\oHi inlerruption. 

Some of the prohibited ',:its were hosted an stivers in lielarus. within the '.by' 
Top Lew! Domain (T'LUi. little >iks v.e:r tlis.itikd bv ollerine. their Domain Name 

administered by Ihe Operations and .\n:iksi', tenler.;: spirial Male .ltynri tin: Fills 
under thedirii I i:n:i!n>l of Ihe !klarus:an I'resinem. On September <l. yiol. the lol 
lowing domains were imiem ltible t. i: llu- ISeljriiiMii i . eb: noiuc.by. minsk.by.oig.by. 



II in Important to note thai Wllhill Be-brnSian law Luto .vere no k-ol .nioundi t:; 
perform censorship ot politico! content oinhi v.eb. What happened In 2001 directly 
violated the constit uiirm l:elii.:.-|:e:r, .nd th L;rli,u'i \hr.b trv t>! Communications 
b::th announ.cd that tee ■ ".!:.<_(■ srt-iiiortt: trout : ■: nii:i' Uclorosians nune. ro ot 
cess ihe affected sites ot the same time, and that rhislrd to a self inflicted Denial of 
Service. I lei ibis str.rv is .'.isv -n rl ispn via ■ .irip!i r.-.-hril.-al analysis. 

For its part, Belarusian ;r;uTin:::i:l leader-aip h.n: no loaituenl. even though Inter 
neleensorsjiipantlronipnt ■: saboioee :in an ollcrsr under Belarusian law. Further 

Urloucr 2-1, ZUOI : The Gliarlc-r 'Of website .'.as completely deleted from Us web 
server bv an untdentirlod coir.putci h.ickcr. .'. lew tkr, ■. attct tin: 1 attack, under pros 
sure 1mm tire Belani'ian secrr ! servi: i s. our liosiin;; enrrpanv broke the terms of 
our contract. www eh in ■■ ■ i , ,,,, y.., , -,, | r ,_, , i : y -.. | ..p.-src on its server. 

lanuarv 20. 200-1 ; For the first time. Charier U7 was ihe rarRct of a Distributed 
Denial of Service (Dl)oS) i.naek. Ihe Ullo!; followed our publication of njournalisu'c 
investigation into a possible tonncr! ton between jno.L ranking officials from the He 



and I !»■ ir.idinj; nl online child ] J'^r" noj • r: ip I IV- 

The DDoS attack lasted nnur ilum tlm-i- weeks ami was supported by abotnet thai 

pi iM il in ii r 111. in ii. - , i):):'. i - 1 i\r IT aildr.-sv-s. II lis rHwjil ui' int. ■. I.>,l u)iii])iil 

ers spanned (tie globe and included machines In Latin America, (lie Uniled Slates. 



Inly 1-1-21. 200-1 : On Inly 14. for Z h'juis. u cyber attack paralyzed the server that 
hosted the Charter 07 wcb.siie. Ii Is believed thai ibis event was a "test" to facilitate 




attack, whit Ii bega n at 1400 ■ 4 hums lii-inre ihi- ik-nnms! rations began -and lasted 
mull die political protests wen- <iu<r Mils illlirS 1 J- J I . ■ sir- me Miiiilarilii-s I : the Ii:-.! 
attack in J.nuiaryof 2004. 



Uclobcr It). 200-1 : ibe n-.-\l scale attempt In blutl. Charter '97 and other in- 

On the day before the election, news correspondents were not only unable to access 

kom's primary rattier. Hi >'.-.i ■vcr.tiwiiv Ri-I.ii i isl.n i n<-h iiMTsivere better prepared for 
this attack and I mined lately switched in Iriiciiu-i [nii\im and annoy misers. 

Unfortunately, the goiei nnieiit hail .1 iw* effei live cyber weapon in its arsenal 
the artificial stricture - or -shaping" - of Interne! bandwidth. The use of this tactic 
meant that, in principle, fbrliidtleii sites neve Mill mailable, but it took anywhere 
from 5-10 minutes for their paj:esin had m a bimvser. I'hns web users were simply- 
unable to gain full access ml harte: <i.' and other iiir-;:-iid sites. Non political Inter 



ie:;.'ll':li:ie. I ill 1 . idle end ill" Hiu.i'i'ill '.'.'.is lirlileiinrv./ll 

March 13, 200G : The next limi! thai Eiehnisirm '.vobsiles iwn: blocked was during 
the 2006 presidential elections. AcLikLpaLuiM thu «o\c in incut's strategy. Charter '!)7 
well before the election tool, pirn c <jM-.ti':1 dsiisilers ninni mus ways ID circumvent 
censorship inaninitijib-.- called lice Internet. Liueni |>.irt :o ihoic dknt:,. Uelr.cs 
iee'r. II' tiller: lailri! I ■..w. y.t. ir-. |-i :e.;:i'; ■.h.n.i;^ or lb sel. rlh.v slr.rvnn :n 
of spcrilir si l ean is (i! I):in:l'.vnllli. ua;> ae,iiri Mireesslullv employed. 

On March 18. the da', beloie III'. clc'.Ui'i: u o usi';^:up 'le:.;' was conducted fionl 
1600 1630. On election nav, s hi- 'In-, ol i>p;.<*It;i;:i pre sir: en rial candidates, politi 
c.il panics, leading in depend cm nrai sources ard [lit i tii crnaii ran I iiloRKinj; siie 
www.liveJoumal.com, which is very popular with Bdarusians. were all successfully 
blacked. Bdiek-koni announced linn [lie service interruptions ivcre caused by too 
many useis trying to connect to ilie aliened sites, bin no formal investigation was 
undertaken. 

April 25-2S, 2008 : On the eve of massive street protests in Minsk, which Charter 
■97 had intended to broadcast via live web-casl. the website suffered a DDoS attack 
that paralyzed Its server, This ivji fuiiither ' lest ' which la. ted 30 minutes. 1 " 

On April 26 - the day ol the planned demonstration the real LILloS attack began, 
five hours before I lie siai I ul Mi.- piolist I he I.iMi: 1 ;.; : -:iii:|i nn ww.c.lhcplaKcl.com 
■iissdu i whelmed. Ik li.ii-le. .ire was designed to carry up to 7nn M bl t/s of network 
name, but the DDoS surpassed I (.bit's.-' : Tbeie Has mi alternative but to turn oil 
the website and simply win I for i he attack loend (mi ihe loliowlngdayl. 



Other Independent online iu< ilia were [aie> i.-d .iiiinli iiii inisly. including the Be- 
larusian -language version of Hadlo [.ibern." A server liosilng ihe opposition site, 
'Belarus™ Partisan.' for several days came under die com ml of unknown hackers. 




The leelioir.il del.-nsc rapabililies of Ilie Radio Liberty server - tlOltK to Its BelarU- 
sian. Albanian. Azerbaijani. Tajik ami Isli ■ — i. i:i services - were sufficient It) withstand 
the attack for more [ban :i days The -lie iviiiaue-d accessible, hut was nonetheless 




the Organization For Sctmih .ltd ; ix.p.rair.n in eumiv i.OiCD issued a statement 
condemning the cyber aliatk. I he- ESr-hrusian l.iaii'.irv i.( t'lireign Allairs denied any 
involvement 

June 8, 2003 : The must intern u.vaiupk- ul a politicalk tnoUvalcd UOoS attack on 
Charter LI7 occurred u'atir.;; a pulif-al n/; Ijer/.e-e:! the e> lYei'inietus o! Russia and 
Belarus '.vhleh result; r! n ily iit:|-,i-. r .iin.n . llns^an ernnr.mic sanctions against 
Belarus and a wiirsrnni:? ill :i Jural siliulimiiiMiic Belarus Use If. 

Tlie cyber attack lasted in.ir.' liain a v.cek. Lied lui a aIhL' it iiaialv^cd tile lale coin 
plerely. The strength ot tlr-DUr.S in i Ins case rats not pi iirularlv high: only around 
five thousand IP addresses mak pari In it. In riuiperaiinii with our ISP, the Charter 

t.Hiiiviiura-iiiic'. and ilk'it (■(le.ile.encss: fh.uier ■ ,■ I . ii:p.i:liii k baking I . r 
ways to counter government ( ensui ship. Inn tVri-is nu tdulptixif solution The situ- 
ation 111 Belarus is best tli'sriib"d as an '"ilral ir. i iiil maneuver an opponent 'Vila has 

Over lime, Charier '!)" liii'L Immil si una a I is '.vers in terhniiioe.v and in cyber seciirily 
espiN-lise. Iliei muled lliiii silt; in a iviali'.eji |m>.uiful liaidencd sitih hall! 
an Intrusion detection system, and c. instantly monunr vulnerabilities. They use en- 




PHP, and MySQL- 57 All Inld. thesi' ell'tuts iN>a Inn;; Invalid preventing Ihe eurn- 
ptiiiiiist- iif i lie- ™-b server. 

Charier 97 also launched the Tree Internet - project, which provides recommen- 
dations Iti visitors In case the slle ben Hues ntiavaila'ik li explains how lo use an 
Internel proxy, antinyiui/.-iv Viriual Pi iv.it.- [vmoiks (VPX'l. iintl software such 
as Tot. - This iuldi iiialiiai Is n-limadt asl via liSS- : anil iiiinw w,-i> Silas and visi- 
tors are encouraged tu diss.-nnini<' ii I In i .iljjIi ilieii i iv. 11 hliijjs. dial moras, social 

iii'liMukni'i. I'll-. These nieas s an' siillirii'iil In ir..-ic. nue ■-. i ing)].- IP Mariana, but 

there Is still no solid countermeasure to DDoS. especially with limited resources, 




There Is actlv* a i peraUan between BelarusEan and Russian Intelbgeno agencies In 

. ■.TV^p;. i\ ■[■». III;.; ill III' A £11 .Tn.nl ■ ill L'i::ip.'i.iri::ll . li.' 1 :irllnl. 'll'Y. ■. ' lr ll ■ il 
liuli'jK IHlnil .Smtr's H'lSJ In Coinliillii]! ly In 'mill if sigtuil In S1HHI. And Ihere are 



International Conflict in Cyberspace 



Chapter' 'I has" demuri-tiiied i In n mm i\ lm >• i ■! r is i I i ■ ■ m ■ I \' perceive a clear con- 

necl ion between cyber sei iirnj .mil unci i ml pdlunal wm In. Bin what about Inter- 
national confllrt? Tci what i-iaenl i;m n; n sin Il-s Ihiealeu IliHr peers. Rial even 

defeat (heir rivals. In rvlicrspai e? 

In tact, nil interna limn I |ju[in. ,il mul iiiilii.ui i uiillii tsniAi lime a cyber dimension, 
tile size and litipacl ofwlilcli are dlilkiilt In pieillt-l. Today practically everything 

tli.il happens In I he "real wui ld'is "in d In rvtirr.p;i- ,■. and tor national security 

planners this I tiilutlt-s | <i < iinji.i 1 1. Iji. espiinijue and - magi uiikiiusvn but Increasing 

The llllT-l llr'l s lll:ii[llhims ami Ulljil Iir li.lil.- , iiiiliK t.-l]Mi,s iilll milk.- Ill" haul*- 
fought IncyllerspaieJiN as iiupol lanl. I( 111 it mine vi. Ill.ilievellls laklllg place nil 

tin : is already ciinuimiiphre. 

li-ir ,11.' five IIIll'I 1 ,ir is !■ i-x.i u:[ .],--, c 1 u 1 1 mi;/,'- I II Is Inuyei ,n|'.ii".lii.gi ul wlielliei 
computer liarkers will i.ike winlil tellers liy surprise, hut when and under whal 



1. Iieclinyn ISJ'JtJs: I'l'opaganda 

In iho Internet era. unedited news tram a war Ironl can arrive in real lime. As a 
result, Internet users '.\nrl.-kvittr p'.iv an Impunant mle in international coniiicls 

Since the earliest davs ct the World idc Web 1. Itcclion guerilla fighters, armed not 
piuverot Intmiel enabled propaganda. 

Since the earliest davs of Ihe W11M Wide Well piu Lhet hen and pro Kussian farces 
have waf-ed a virtual i\ai on the Internet, smsuluneuus ivnli their conflict on the 
ground. J he (.'hechen sep ir.i'ist movi'tnen' r: p unr nl.ii e. .-r.n^jdered a pioneer In 
the use of The Web as a Innl tor delivering powerful public relations messac.es. The 

war funds bank acton , ■ n ! 1 1 1 -i ■ i.i- 1 I 1 1 I Mi- .- ■ .1 m unite the Chechen 



lit^ilol iuifjc;cs i"i blood\ "ii-psi":. ^cr"-crl lo iurn 

di'fir in wliii.li j LIhilJilji bus wns jLU'.kcd and m 
111'.' lUUULJll appL-dlC'd Orl Lllil' Web.- ' As [cchnoli 
■.'..il.-h; d ^.■rc.nilliri" • inro.'. "'I l.ivonitlr 1. h-r rl'.r R m 



'I Ik Idna'.m Arm r!!< ill .idrnill -d !hi> rnvil - n i.ii;>:(v,v I', lin ing in ivbr 
10DO. Vladimir I'utln. then Russia's Prime Minister, stated [liar™ surrem 
it i raii! ■ami? time ;ifia . tun r.ow w( no c:i:i'i'lnq i:i? sam? again.' Mow 
lip IH|>.-]| ihr HV-'il in '.hiil:|llj:dir-.v|i I hi' unpiunm p;.) ( I if :Itii lirivkni 

Llup.ul;; [If. 1 ii»<jnd Ll^lli.'j] wai l.l'J'Jj ^'JlJj) Knwiiui ollk'ials wuiu j'.i'u 
■ Mlilllll.L lln i"\ 1 1 1' I : .:i I]. I lr. l!.li-|'ll|L ulfii i If ];f-u wrbsni's. I hi- null II 
| il ii '.I h .11 1! hi <il .il Ii'.im ■.unir i.t : I ih- .ill.i. ks mii;'V Mi'd ii.iunri sl.ili' InuiKi 
,'■. i r 1 1 [ >l. ■ k.nlui/.urn (li'slcil in 1 r l ■ L : .S.I v.ii* l i'pu] leiiK kiUf.kril i)!llini' s 
ifjsly Willi III. ■.!!!] i liliiu Li Hu.'iini sf.i'f ml liners nl .i Mii'in.'. iiii..ji,'i' in 
by Chechen lerrorLsts." 



Kosovo 1399: Hacking the Mililaiy 

In globalized. Internel ■■■inn mllu is iinmut- witli-n .impiiM and a connection to Ihe 
Inlemel in a palrntilil mniljal am \'ATITs liril maji.r milium- engagement fallowed 
theeiplusivegmvvllinTllii' Wli ilinliiLi ilii' HILlllv lu>l a-. Vietnam was Ihe world s 
first TV war. Kosovo was ILs first broad-scale Internet war. 

A.s NATO planes begun to bomb Serbia, numerous pro-Serbian tor anti-Western) 
hacker groups, such .is Ihe "Black Hand." began lo atlark NATO Internet! n Ira si rut - 
lure. Il Is unknown wbi'llii'i aril ul I II. - hru-kfrs '.nuked direrllv lor Ihe Yugoslav 
military. Regardless tliuii r.iand gii.il was in disi ut.ji NATO's military operations/" 

The Black Hand, which borrowed Its name from the Pan-Slavic secret society that 
helped tci start World War I. il.iimi'd il rnulit en'mienim NATO's "mosl important" 
computers, and llial [hniu«b haiku!;; il Atnikl alleinpl lu "delcfe all the data" on 





.r -.ViiT. '.il'oliilieillK nk'll Otl lino.'"' 

NATO, LI_S..anri UK computers were .-ill alli.t ked [km tie, I lie war via Denial nf Service 
and virus Iiilc'Cle'd email 'le.eiiiv li'.e d:li'.::enl Mr. mil-, ot \ h uses were detected!. ' 
!:i llii '. .S.. Ii.: VVIii-e I Liiii-^- v., l,:-.ite v..r. deliLt id. ;nr.l a Sen' I !:■.■;■■. 11 1 -- n--- - - - . I :.!_.. 1 1 : ,n 

ensued. Wliilc tin.' U.S. claimed hj hau- .iiiletediiu impair omlic overall ivarertort. 

At NATO Headquarters ill Belgium. Ihc attacks became a propagsnda viclorv for 
ilie hackers. The PJA'l'U puliac .illair:, e.ebsiLe die wai in Kosovo, when? die or 
G.niization '-OLi^fw ii' pen i:iv it^. ■•]' k 'ii ihr ri.nlli.'i 1 1;> hrieluips and news updates. 
»» "virtually inoperable for -e'.rr.il [lavs' Villi .spokesman Jamie Shea blamed 
"lirB saturation' on "h.xkr. in hi.-isnidr' \ si nr-tlirairoiis ikxid of email successfully 
ehukedNAl O's email server. As I lie ori'.am.'alnm rnrleavoird tu upgrade nearly all of 



Middle hnsi ?nnn- Targeting Ilie Erciiiomy 

rimme, 111.' I', ill I W.M I he Mil Mil- F..-.I nl'd-n s.-iivd :is a in i .\ 1 1 ij; e.iuiunl lui mlliLiiY 
weapons and ladles In Ilie lulernei em. II 1ms dune tin' siinn- for cyber warfare. 

In October 2DO0. follow lug Ilie abduction or three Israeli soldiers In Lebanon, blue 
and while flags us well .is a vnnni file playing the Israeli iiEiilunal authera wen- 
pi, trred mi .1 I i.ii lied J ':i!l,t}' isie ■ Snl i-,.'. [ii, -nl piu Israeli i:(l,n k-. J . h l - 1 1 -t I 111,- 
Official websites of military mid pt.lille.il laismi/alluns n'rieived hostile to Israel. 
Induditig die Palestinian National Aullmilly Hamas, and Iran. - 7 

Retaliation frumPm Palestinian hackers was qulckafid much mure diverse In scope 
Isiaell political, milium, leln uinmunli aiiuhv media ami universities were all hit, 
Theatlackersspecllitallv kiigetrd siie-L ul pine ivunoine.- \alne. Including the Hunk 
of Israel, e commerce, and the Tel Aviv Slock ttthanEe. At the lime. Israel was more 

wired to the Internet Ih II ul n-. n,;u||l „ ,i J. , then? v>-as no slioilagc 

of targets. The ".II" coiiiHi '.■ 'I.'iii.un puiv,, li d a -.'.i ll lvii'i,.I 1^1 ilia! pro- Palestinian 
haeki rs milked llimurjh luellmdically. 





U.S. and China 2001: Patriotic HacKilg 

On April 20, EOOI. n* Federal Bureau or InvpstiBailnni [FBI] Nfliumal Infrasirrjc 
lure Prou-rilon Cenler (NIPC) ii-leased Advisory 01-009: 

niiim iv. fin i-ktii^ ik-Ki.'i'ii i h i l ■ iiniii-ii f. s ami ihf r<-n]iv-\ r^au nrrhin.i 

(PRC). malicious liaikt'ib have fm iilnli'il '.vrli .[: ■I'.i; .tiih nls liver the Internet- 

Thls coin mu nil aLlon is lo advise network fldinlnlsLrdLors u[ I lie pulenLlal for in- 
creased hacker atlivliv dinned ill U.S. swems ... Chinese tiaikers have publicly 
discusser! increaslngrheir.ii liviiv rliiiinj', ih.ii prr....d. -.viii-: li r oincides with dates ot 
InMurir siunlhiancr In Ihe PRC."""'' 

Tensions had risen sli.-ivjjly Iihulvii lhe livij ttjmitrirs liillnn injj the U.S. bombing of 
llie Chinese embassy In uVUnidi' in HHlLi. (Ix- mid .in rr,|[i,ion uf a U.S. Navy plane 
With a Chinese lighter Jot over the South China Sea in 2001. and llic piolonoed dc- 





Hackers on belli sides of the Pacific, such as China Eagle Alliance and PcizonEiOx. 
began wide scale v h . c^'iiii.- '0-1 ■ ■ " ■ ■ 1 11 ■:- : i"i and r.nili n r pi rials with titles such as 

claimed defacements and DoSs in the thousands."" 

The Hill Invosiiualed a Honker Union of China [HUC]. 17day haiku, a California 
electric power ej id lest nei ■■■ail. ihai !.■■.■ oil A|iiil J5t Is. ■ ' '1 he case was widely 
dismissed as media hypo at the lime, but the CIA informed industry leaders In 2007 

I lili ahead' happened.-' - 

Cm tire anniversary ol ilns > ■. In .var. I'iisiix ■irri" braring lor another round 
nf hmkinfi. rhe Chinese ROYerninrnl i;. ',aiii in have sii.-iessliilly railed for aslanri- 
down at the Last mi una-. ;n : :;:. : imv; i h.r lniiev Ii.i. i^t 1 : may share a greater de- 

Eslonin 2007: Targeting a Na'ioii-S(a<e 

On April 26. 2007, Ihe EMmilan government moved a Soviet World War II nirmo- 

nal hi hi! ii'Mi-r ol'ils i .ijjiNbl In a miliary ii-weli'iv. Til.- iiiuvi- iiill.iiiieil pnNI< 

opinion both In Russia anil m i;IM..ni.i\ EiiMian any population. UpglnnlnK 

in A] ii II Z'i f.-r la: I ;yiwnni. ol. lav', .-nl'mi i-im-nl. lunkiiiij. iln air I hm-iiit'i 

1 1 -i f □ 1 1 ■!■ Iiiit Ill I i-il llili-i- v.-i-eks ol' i \t"'r altai ks v.lniv- imparl -I ill yeneiarm 

Estonians ccnducl over <)R",,,if ilu-iv hanking via electronic means. Tlierefore. the 
impact uf multiple Dlslrihlili'il Denial ol Servin' iriOiiS) allarky which Severed all 
communications to I In- Web pn-M-iKe ol l In inuiilivy. luo largest banks fur up Lo 
two hours and rendered iiin-rniillin.nl services [MilialK unavailable for days at a 

Less widely discussed, hni likeh n[ (iieaii-rcinh'Tnicni i- hulh in national security 
planners and toconipoiei m muk di'Sinv peisonnel - were the InierneLlnfrasiruc- 
turc (muter) atlacks on one of the Esioninn i-ovi'inmenls ISPs, which disrupted 
;?nvci nni'/nt r' lnniinnii iiti' nr. I'm a '■'li'iii" period of tlme. ; * 





Ilrvlaliuil ul NATO':. A; li. I'.- . ■ . v. Iikh -la<;- dial '.In .u iili 'I jU.iLk j^ilnr.1 one |:\lti 
anec member]... shell be ronsideied an a[i.-n-ka R ain.s[ ilir-m nll.' : "' Article 5 has been 
invoked only once, killtmi: (j. di.' UTnaisI jink Imi! n lumber 11. 2001. Potentially. 



of the Internet, the ni]>i:l ;l >vrh|!m-:'ru t;l l:;irkii am..'. :irnl unities, and clear cut 0 
ample; from rurft'iit events sumj.si linn cvln'i at Uh ks will play an 
iiii|;i>i ii>in.an(l jnTh,i]is ,i ItMil nik-. hi fi !■ iiiiriii.iiinii.il mnfllriK 



lion, in jllinlure niilitarv campaigns:'" 
■ in2UU<J.du.m]i> j lime ;;l domes;];- political rail. I i;f.k;-rs knocked the entire 

nation stale of Kyrgyistan offline;" 1 and 
• In 2010, tbe Slvmiel worm a as l>elii'U'd tu i)c l isf iimsl sopliislicaled piece of 

malwaie yel examined Ijy publit rese.m lii-is and is ivid.'b ii.-.oniL'd In h.iv 

Iteeit whiten by a slate sponsor. 36 



k vol i>] '.itider.tandinp r:. tI,..' r::.:hi'.i.:r:^v hv. ,,r.: \ :vl3tcd lo cyber attack and 
defense so 1 h;*l it can <<>inpeiHr. 1\ la:'i;r ::y!ht oanllki ii'nnrlsrn and vvarfarc inlo 
all Masiri o] rijTit:iL;il vi uriiy planning. 

Part 111 of [his book will i-.\ibmi I lour il-JI(»:iMl:jl inliiuil Males are likely to adop! 
as thev seek to nutiyaio [lie tlueai u] l'.".».t attack- anil atteaipt to improve then 
ii-j:;<iii.t: .-■, Ixt Hl- tf-riso p..smrf. 



III. NATION-STATE CYBER ATTACK 
MITIGATION STRATEGIES 

Pari HI will evaluate ruin- likely .sii.iifj;k-s ili.it hdvc-i riiiir-iiis ntll e n iplnj' in mitigate 
tlx? cyber allack thre.it: the "nrs.1 aeut-Min.ii" line] net Pinliitnl version 6 (IPvG). an 
appUrallcm ufthf mirlcl's Ik>-.i liulliiiry (liM-lrliw CSim Tzu's ilrf af»&r) lo cyber war 
fare, cyber an ark ilHi-rri-iii e .nil i yl»'i iinm conltd. 

5. NEXT GENERATION INTERNET: IS IPV6 THE 
ANSWER?-* 7 

security lliruuyh iinprtArd t. ( luiuiiiH'.. Ami the must likely candidate to have an 
effect at the strategic level is a sleeping jjijnl the new 'language' of networks. 
Internet Protocol version 6 [IPvti). 

In fact, due to Its stellar number of viable computer addresses and Its enhanced 

security features, many ri.iilnns view ll'vti asi rnilal loihrir Itinal security plans 

fur the rulure. However, lis 1 1 i l.; 1 1 li-,iinine.t line I i.tv Ltd niyiiad (.uvernnlent agencies 
and large businesses in miss deadlines I'm- IPv6" compliance. 

[hat lire "nexL-geriei'iiiinii Inie i ivill li.-n -■ wlverse effects on Individual privacy 

.mil i mime anonymity. 

Regarding IPv6 security, a key |>uint in nnili-i.iiiiid k i liai . during the long transi- 
tion period from IPv4 io IPvD. Ilackei s Ivll] be able toexpluit vulnerabilities in hull, 
languages at wire. 

IPv6 Address Space 

IPv], the current laiigiiajir i.l iln-1 rn.'S . will inn nut n( available IP addresses - or 

"space' from which one rain (ii to I he Internet - in 201 1. The address stallage 

Is especially acule in ihe dev,.|!,|iinj; v.-.nM v. hit h nmiierled in I he Itilernel after 
most IP addresses had alifadi In in ,dln ^ied or bought/" 




IPv6 decisively arism-is the imtI lur inuie IP addresses, ll'vl lias around four bll 
lion, which seemed like a Lor when the |>l.iici«iI was v. ritn.'n in the early 1380s. bill 
isinsufficicnt today. ll\'U.de\elnprid in ihclaie ISJUOs Ins 12H bil addresses, which 
cnraic 3.10 irndedltlun IPs." or 50 octillion fur every human on Earth.* 1 " 

As jti added bunus. il'vO employs much mure powerful IP "headers." ur Internal 
niuiiaec-mciH data, ■■ihi'h .ill-.:-. / hji ii.uk 1 . jiJ arii.^J xliiiik-l m.d custoniizjuoii than 
wilh IPv4. IPv6 headers "ill he used to support relcmatics.' the integrated use ol 

I ng lifestyles.-" 

Improved Security? 

But [lie must impurlunl :r.[.ul o:' 1 1 Ir-.v ilus iv-.;u.li is Llial rl was designed to 
provide belter sec une. lhan ll'vl ■ [he i_i.ii! a;;s io build security into the protocol 
ilself. Thirty years ago M defeated mnro fealurr rich nvals prerrsely because IF' 

it* Implement and i cattl fh [Hotalein ■ ■■ tthsU tP\ 1 S I, tdt of intrlrsic security 

Ml unpen in misuse. 

Today, a better network iinilit.il U n. 'riled. I .in] 1 , lor si.'j'aiil lor security. IPv6 oners 
rlear security upgradps ovpr IPv4. First, IPv6 Is much more cryptography friendly. 
A mechanism called IP Settirliy (IPSec] is huili directly Into Ihe protocols curle 

snltTmg-^andManiii ii,r Middj' ( V 1 1 1 A I j .iiiaiks.-' J ' ^ 

IPv6 also offers end to end connerlivily. which is all'unferl by the Incredibly high 
number nf IP addresses available. Since It Is possible, in I henry. In give anything 
an IP address, any two [minis on lln- [rneim-l in,n iiimnuuikale directly with each 




I li'.^'- <>|ji!:-.id'j:. shook] Iiluc ii i [ : i- .- i - j i I :- ti'^hv'. ik lj jl . I in cxompli'. the 
i] -miml nomlxT :;l II' oddit:.^ r:i-.v-. hm:-? 11 1 1 in " .nr:'i kio' will no I in.sj.i in- .' 

move [vslslnnl (o sell piopjEiarjiij; worms.' "■ 

To improve Slraleejr rihei sicuiilv jirasi E I in. ■ Interna, any successor HI 
ihoukl ho\o o ^iljiu: Illus on siil;lIoi\ ..ml l.^ji-.- :c..e.. lim i iiL 1 nj^auon 
prv-|:.:i rouriBip, II' r.<v nll.f.- -;in>m. ! nrrnnin-l'. vod-, M'vtj Thsij I ^ 1 h r r r 5 si 
liilrtnel [jiRirccnii'; [:i',k lone ill I I i ■ i .-.il ,'rl iht' lirsl [1MJ I'brum in lUUii; 
there- are IPvB sued lie lask fuiH worldwide, which soil have Uieopportui 



IPv6 Answers Some Quesfions, Creates Others 

Inspire of ihcse promising rlvim-.-teristirs, It is unlikely ili.n I IMi will End cyber at- 
tacks in the fuEure. Hackers ir.iYL ahead'. Lkiininsiinicd lhal ll-'vliii not Invulnerable 
to many traditional. IPv4 ait.ick nieihuds im-kidine. Do'-. ■ pocket crafting.-" and 
MUM attacks.-" Vnlncrihillm ^ in soliw;rr<- (opriJirki" svslcnis, network services. 
Web applications) will r oil! l:ulh ■ lo csisl. no malii-r which nnilor.nl they use. 5 "'' And 
pi-rhapi, must ciuculri. all ir mil;]] li'Sn is .il.illidik-. n i-i no[ |-eoulred.-" ; 

As an analogy, tlie histor. ol 1'uliln Kev [nil j-trif line- ll'KIl- ■- does not bode well 

organizations, rmd In ihn twine, ihe wuiic dvn.miu i mild lumper Ihe large-scale 
deployment of IPSec in IPv6. 

other documents. Via i ■ itemetal i ■ - - . . ■ I ■ : i attempt to use hacked cninpnl 




'.'-L.i[Lip!i\ ;[ U : -, L- |>ici \::<.U:- ii;^. >[■.-. iiIim.iI I:.:: ■.■ ■.lining, hackir^ ma 1 - :[iiri-as 
ingly target Certificate Aulliorilici, (LA? and Domain Name Servers |DNS(. In fact a 
successful n^][^|M L-iiHs-.- '.'I a :.■. [•'. ] : l i llv" ljc ru'iuiKii an attaekei 10 ucquiio 
detailed knowlcdflc ot a v.rso! Local Area Ncnvork (LAN].™ 3 

The necessarily king [ramiiren period v.-ill provide ils own srl [if challenges. The 
most important is thai, as die ''..'[111 use. bnib li' lan.Luau.es al once, hackers will 
have an increased "attack suilarr. J hero will siiupk be ;i lijnhor number of vulner 
abililies lo cxploii as compiiier srruriiv personnel .i"' kirrrd in defend a larger 



\ aid complc\ em ir;:! linen [ :is;r. allow some ( \ her ;>[ lark-, In slip lluoiajli 



analysi.' - Tin' likely ivsiili is 

("oiisidei .mid : imliimial ' a.pe I i if IT-ifi. lis nilende'l film I Inn is ase 

and increase inuhl lily llinui;<]i enhanced nil hoc iicle.oik assooimloils. This appears 
to be an exerting pail ol' I lie v.oilil's Inline lu-livoiknii; paradigm. However, auto 
con figuration would also seem lo u/eally complicate In- tusk of iMcloiMj uelwork 
enabled devices dial enter and leave enictpilso boundaries. 



Privacy Concerns 



Khiiii ,. law enlm 'ill .11 ir( riMliim.il in lie |hts|i.'ciiii'. 1 1 ii 'i i' i.-.MiiHe.irle IrilH 

141 in I he Implications u\ If'vti (ui >nln» jhh.i y and hi mm limy, which will haven 

llitljllhle Hi .11 rc!ulKins hcllli-cll J;uvcl mucin .null I Vll society. 

IPv6 security, specifically hi I he form uf IP.™, contains ii potential paradox. Users 

gain erici-lo-enli curiiiei lulu Willi |n« mn] ,ni|iiiie s( H encryption ID obscure 

(lie content (if ittetr rum mimical ions, but the loss oF Net™* Address Traisbllon 
INAT) means IhHI II Is easier Rir llilnl parties in see whii Is riimmiinlraMng wllh 
whom. Eveniranenvi-Mli.i|i|-!-i is inl uhli- in n-i.ii i-m n pied cninem, ■traffic analy- 
:n ilit-iii-iliiilli,iM.f'iiiliiiiii.iiliinii;rili-iil livairilwlngi ii ii iii .mini i>,illi.'iie 

- should he easier ihauwiihiPv.i. 

nat allows rmtOfk nn iu connect bite Internet from am IP address n almost 

^ariylL i -h;iru[i^iL\ - m^\<-i I IT'. I Fi.m ..Idi' 1 -- ilepVih.ii r.n nv vrars. 11 - FLinlier. NAT 

provides Internet nstrs '.villi •.nine , v-i uiliy ilunugh nliMiirlly" ljy milking IP ad- 
dresses" temporary and mil [leiiiiioicnl K as-miaicd wnha human user. This rharar ■ 
lerlslic offers a small hul langiM- .ii ii' ( i if Internet privacy. 

CrillcsofNATclainillialllislatiiii hileusive. inpeuslve. ami unnecessary, liutolhers 
worry thai llskissv.il! corns a[ the expense of privacy. For L-xiimple. Chinese Internet 
Society chairwoman liu Oihenri Inkl I he iVeiv Ytirk Times In 200G ,(,,, "there Is now 
anonymity fur criminals mi llic liilciiicl iii Chi nil ..Willi the China Next Generation 

The simple reasoiilnghrhinilOihens'.'slluiikiiigis Nut ll'\G could facilltatelliL'direcl 
association of a permanent IP address ttia particular Interne! user For law enforce- 
ment, errf-lo-end connectivity may help lo wive the vexing "allrthiilinn' problem of 
cyber attacks, in which hackers are able Id remain anonymous. Hat human rights 
groups fear that guvci iiiii'.nl-, will use lhi-. ii'-A |i'.it'.L-: lu quash pulilii jl dissent. 

This open question is si'mms i-miugli ilrii. in I hi- luiuiv. wiiiuus national IPv6 im- 
plementations mav !».■ ini on^i iii mi >r even n in -nii-.n K'^-i - v.ii h one a norjtcr. as differ- 

IPvG "privacy extensluns- were designed to address this problem by inakina it pus 
siblc for a user to acqum sameivlnt landon: r mpi Ii 1 .tddresscs in order to 
surf the web wilh greni'T p:w,-i.\ .nil .■■hi iiy. iliilv iliu.- will icll whether If'vti 
privacy extensions work In |irucliiv. Mine 11'vU is|ust nuiv being bruadlv deployed. 




in cyberspare. Ill Ilif km 1 .', ru 1 1. II i.-'j.:.!!:!.- lli.il lin.' ii'j v pioiixol i benefits will be 
tlon phase fmnill'v ] to !l l*fllb character! ■;; y. Ire reined security risks. 

Uneven Worldwide Deployment 

world. linure Imcinc-l iCLli:i'.;l>je,ii.!. lim li II'. u ii-.ini' 'I be ie.noiod. A p/jwmments 
abditv to conduct ilH:i;.'MLil :.emril' I'-'LiUd '..'f.Lijluii', iiij'. depend on llicm one djv. 
Nauans and busmc^e!- -. ■■A: I dime, h.-hind 1 1 c, :.. mm|ip:i!"i"t.. and onemins I litis, 
numerous governments have sei deadlines lev ■.■.irons 1,'velsni IF'vfJ compliance. 

In the United Stall's. 1 lif L\cr alive liian.li oflm. :ii Hjnapeniciii and Budget (DM B) 
mandated that U.S. row n un. iU ae.ciii ici l.n ll'vii (nmnlinnt" by June 30, 2008. 
How™, compliance, in this case had wry limited coals/ 1 Furthermore, the OMB 
mandate was almost imincdialoA ronlinlklod In ji U.I. liouarlment of Commerce 
report advising thai premature iiaiiMiion iii 1 1 Mi f ii Id lend in higher overall transl 
[iiin ti.ili Jiuleien reduced security. 

More recenlly the first U.S. thief Information Officer (CIO> Vlvek Kundra provided 
a more dialled gOwmttttW directive - public Intomel services such as webmal] 
and CMS musiupenlliiiriiilirt' riisl IVi-' nril'vu nuK Irallir li\ Orlouer 2012. Iuierilii] 
1 1, I'M ii I.' -i ill' Hi' - -. bv 20U.-' 3 " 

Musi Amt'iii aii busuiosv.'s li i l in mIii, ' i pn'iMiii' Ii i iinpinu- id IPv6. The reason is 

enough IP addresses iu s,uisf) llieir needs. However ilir lareesi software compa- 
nies, such as Mien in lit. sii|i[U!rl [PvH tin aisi-i! si 11 reduce or even eliminate tile 

costs associated Willi NAT. v. i in In nn h" Mendl-ini li-i .inline gaming, inslanl mes- 
saging, file sharing, en ,- : ■ Indeed. Mk niMifi m;ide IIMi ihe tlefaull Internet protocol 
for lis Villi iiperalinr; v. ii. -in. wbi.-h was released In [miliary 2007. 




IP addresses since Chirm has only rait ll'vl address ear r.>vcry four of its citizens. 
At the same time. China h;i:i held th:- ■-■.orlds ki : _'.<j.;-si sins!.- If'vt! demonstration to 
date. During the 2008 buiiinici C1lvn1c.11> in ^:.r::i„ cviivilimg from live television 
and data [cods to security and traffir control v,<-;= streamed over one vast IPv6 net- 
work.' 1 The rullinj; <\ti; maun- :>l IPvli m'.rs ( hum a j;nnd nay lo development its 
Intellectual Property (IP) Last. 'I ho China Next Ceueralion Internet (CNGI) and the 
China Lducatlon and Kcsearch Network (I.LKNliT) are huge IPv6 projects that will 



Commission advised priv. iimpanies ami die public sector to make the switch 

by 2D10 and committed 690 million ro IPv6 research.-'-' But near the end of 2009. 
a survey found thai less lii.u: Zlt'i liad done mi and lhal ,i inn|oiity of respondents 
feared Itslmmediaie financial costs.- :: Onthe blight side numerous European com- 
panies have made i iMiirii.'ri i.il ■ ^iiri il:niiiM> r. : i | i'v-; i;..., ^i^nnnii h'rlcsson huilt the 
world's Erst IPvfi rotner in ]<id:~> and an Il\ti concept j ur w»s jni ruly developed hy 
Cisco and Renault. Koucl lie less Furopeau companies li; in- complained that further 
incentives trim] Pmssels sic ui-eili-d in«oviii' a smooth transition.'" 

In Japan. Ilie need for Increased adduss sji*.- is Minllai in China's, htil Ihe reason 

I' -li .■ :.| .[.I : l.tl n.il -I.';' II -.u-i I In, ii i di-si I. lu . i in 1 1- ■: ' hi I Noes o r I t.-l I. i;.id 

;vls (o the 1 1 li I'l l k-l Tllr l.i| ■.nil -i ■ If H e III!'- l-s d :l. lOinitn a I ■sdrrship 

rale ill IPv6 deploy men I In oil.iiitt; liiv bit-.iks Iih oul|isi lies that swilcll to IPv6. IIS 
importance Is emphasized in poll in si speeches si die hi;;hesl level of government"' 
arid hy Initiatives such a. VJap.in 200',: in whli li !PvC> was given prt>mlrienl sla- 
ms. NTT. the largest [[-Irriini mi in Inns |ir. jviti--i in lapau. lias olTered cominercial 

IPvG services since 20(11. anil Hit- Cniifisin of Tokyo has held hall] tile IPv4 ami 
IPv6 "World Speed" [eiiml.s siimillsiiediisly As in China. Inwever. hoth the public 




Differences of Opinion Remain 

While there tire obi kjiji. IkjsLihis ii])jKji [-.iiiinc;, iii II Mi. .miwrnnients sir also kc 
K intpipsted ill 1 III- itiute-jx lvLl-v v.-ijill\ iluliliLjiiuiis uf the npYl e,L-nei u 
Internet. The loss of NAT will lower the cost of Internet connectivity and pro- 



an iiilpiiailiuna! pie-|pel. Il'.'j - ■- l I = IjL'I 1 1 Lv.iilIi! ji il jmI let imiu i:j> [ Li : I .11 1 1 1 
:■. ..| :l|-.|i|.-or I] ;i;].hi|i;il!i::l i I] ,\ p 1. 1 ;-rir, .11.- ;]]ni.- I i-lli li .-['1.1", !p .'.ill, pp 
nl iiu'rslRhl than ill I ht> W.st. In lump,' Internet nvr; ;tre hip.hlv rnniiviV 
Ll'iT ..ilillll.' .lit.'IP mil'.. I]p,v.--'.pr I hp U i. l^. Mirnp A !;"[■' mi Lin.- Illl.ldlp [IP I 
ii in: iii.pl i^ I: i i^I - . pip.i'I' il til- pulia.- r-. i ii] i_n I i_-t:<." In III'. 1 in eih . 



harity (IAN A) has published these gultl. 

■ li en address slmuld be in en access 

■ iIIMrlliullini slviuld lx' aggregated, efl 

■ there should ho nn 'I turk piling" nf ur 



has already revealed Mil d ;-IiIp.-,iII'- i]:ji -p.il: .iliili>-,l;Llil mii luundniji IE CI. l-'ur e\ 
ample, China succession-. .11^'.:' il o^.iiiv.i ill'' 'lilt; I in: l.iuon nl' IPSec In the Logo 
award criteria, a seen il ugh. small vir iiivv I Lit 1 1 ml, I have ninrnioLir, tmpliralinns lor 
pnvaty- anonymity, and seiuiiu on tlip p.eb lur ViMrs In puine. II remains an open 
question whether 1 1 iu U.i. and til-.- LL jhm.Ld have |iti:.hpti Lhnia. harder during these 
negotiations. However, like China they must worrv that N'ser will make life too hard 



6. SUN TZU: CAN OUR BEST MILITARY DOCTRINE 
ENCOMPASS CYBER WAR? 



CiIh'isjhi.i' Isa [»:■«■■ naiTiln' ii<nii,!i[l. r.-niupuli.'n iirul I In inlni in.il inn llu-y funtaln 
are prizes to be nun during any military conflict. Qui the Inlangllile nature of cy 
hi>rs|»n> run in;iki- vi< inrv -i' li-.n ,imi 1 1« ir r li ■ il.iinijr iliflii nil in i 1 iNirc. Milii.nv 

l< .itlcr, luii,i\ aif lLH)],in;r lm .1 w.iv In Im'.l.nul mill iii,in,i|;i' I his rinu lhrr.il lo 

tiuikieluI SL'i:urdlv. TIiL' iLiusT i iiIIul-iiiIliI iin!i(iiry IruiitiM.- in liLilurv is Sun Tzu'a Art of 
War. Its rcc01111n1.11 Jailum .111.' Ik-\IIA- and have been adapted 10 new ciicu instances 
I'm- nver 2 ■'■!>(> \r-nrs. Tin'. ( hapier.-'i.-iniinr^ v.hfilu r In -if 11. 11 1- iP ilhlf- ,-ntjirrili 
m.nninijiii^ribcf'.iiflinr. 1 1 ciiirliiili Ml Nil bimi l/u [nir.nl, ^.1 nvlnl hill ini rifiin 
pi *_ iki I liijni..-,Mnl. kii flu injii.i:^.in :[il .'I 1' b'T imjj jnd u 1 ■.. 11K.11I1.-1 n inilil.jtv 
Mi uli.-ij I'j hi.mi-thIi I I i I. 'Il l'l[ I! 1 1"' ■ l'-| 11. I'll. 1 ^ t I in- l vhn blink 1 field 

What is Cyber Warfare? 

Humans I ipv, •_■'.■[■]. Luu- sua'. 1 1 riipciulMit mi "ivbi'[i|uiu" tiie fin',', ul llltul 
■ ml:.':.] Ineorj b lietl li " i Asoiu l-i . DdEi> . upon the fiUerar<t grows, 



toi^ in support u [ str jteuj r. a 
i referred to tins as the Mill 
11 GulfWnr.ihePeniappn's 



.ill:i; j.!i lii'!' mirl I'lu iii'.'l "*:ikm llir |;(>"..| :iwl iv.i'.li nl' the Inlrmnt. Far 
-_i|u. siiilu 111./ '.'.iiIk'I d;r ■•■.'! 111'.' h .\' l.i. vll..:.].i.il 1 ■_- l.i-l- J :". ri.i'.o dvilKiilsiKilial III' 
■ 1. 1 lill.'ill"! .fl.ihlrrl |imp.ieniirl,i y-nnirl r\ h.'r .111 lil: 1 ; .--\|ilnn I til- Inlnr 
/ulnrrablllly In ;?Utl7. Svrian air rii'ii'rue uns rrpirlnllv disabled by a cyber 

,;1 Third, cyber alia 1' 1- 1 In li'.in 1 <U > i iiiim,\ 11111 v'llurlnrj the 1999 

wi Kosovo, unknown harkpri Inprl in dlsmpi NATO military opp tat Ions and 



offline durliij; a time of domestic pollli- 



cal crisis." 1 Tliis Lsl could, be Icti-tUcncd lo mt ludc c\ be-r warfare's liigl) return on 

investment, an attacker's p'- 3 ^ 11 '' 1 ' ctir.'hil b. il. lsiiuriiv o[' cyber defense as 

a discipline, the inrtrasrd impnrlanru nl linn stale arturs in the Internet era, anrj 

Cyber attacks arc best mitlnslood as at; eslraordinuri means to a wide variety of 
■jijlJil.. espionage, tttiji'.aal damage, and e'en ihi nijtiuj.ilution of national critical 
infras true lores. They r.in inllretrr rh^ rnm'.'' al ronlli.-t net^ecn governments. 

What is ArtofWar? 

Kfodei tl military do'. Irate diav.s until a '..i ;p v.ea ui plitliisuplt\ that spans political, 
economic, and scientilir I'-vol nitons I ]-..■ n I .-! -- s.i and niosi proiound treatise is Sun 
Tins Military- Srroffly, known as An of War Iffi-f-fiiS). Much of our current un- 
derstand! lie. ot milttar' ron:i.'[i;s sucit a 1 [Ltntttl sti alt'.'. 1 , ■■.niter of j>ravliv. decisive 
P'.hiii and conintaiiijei s inictr .\sn be it;u od in tins book.'- : 

Arrurdine, 10 lIMinese M.wllii.ui of i' .a v.-.t- \\ 1 ui.n b\ Sun Vvu (now Iv.'i) in thr- 
Ijlhcenlury B.C. arid mmr ol t hums .W-n .l/i/inn iVaswv Soute sc holar* ur^uo 
thai gaps in logic anil anarhronisnis in Ihe It'll poinl 10 multiple authors-, and IheJ 

together over time. Nnnriheliss mi. - In .|; I,;... .it., mi. a a ,1 1 1 insistency thai implies 
il Is 1 he product of one si In ml n| inllinii\ 1 1 jju .Iriiiniarwas translated for the 

An of War has survived fur Z nun vrars heratiM 1 its advlrp is run only ti impel ling 
but concise. easy totuidi i-tnrnl. mid (k\tlik. Sun T/u does not give military leaders 

11 in iimsl.itN.-i SiuiT/ii' pi- :i i- 1. ■■ 1 in nil-. applied to disciplines 

other 1 Iran warfare, iiit Imlinjisn it is. sin ial ivlaiinnshlps. and business.'"' 

Then? are Ihirleen rliaplers In ,4rr of War, each dedicated In a parllcular facet of 
warfare. This clvi] iter Injijill.tlu. at leasi ,,m- mplrul p.is.uijr from earl ichapler rind 
Mill argue Ural Sun T'ti provides a workable but 1101 a per reel framework for (tie 
manajienietil of c yber war. 



Strategic Thinking 



An of War o pens wilh a tv^i-nni^ - 

Tht«lnrWarttur«»alliiip«laTircluineSlnle.ITttoniairpriinifeanil«i-atl.arosil 
ellher losafetyarloriilii Hence II Lsasabjecl or Inquiry whilch ran on ixiarcuunl be 
aeglecied. .IdW I Laying Plaits" 71 

Al Ihc slralffllc level, a leader miea lake Ihc steps necessary In prcvcnl polilicnl 
coercion by ii fon.'i>sii I'ltmi and lu jji ml ,i Miipre.v military attack.'-" Regard 
ing offensive military- operations. An of Wjr stales thai ihcy are Justified only In 



Cyberspace Is such a ran arena nl rnnlhil 1 h . .1 basic dclcnsc and arlack stralcglcs 
are still unclear. The re have been no ma|ui wars ivlii hci'.ieen modern, cyber capa 
ble adversaries. Furlhn m hi i '■.■.nliic lain; -. :ii" high!' technical by nature, oflen 
accessible only 10 sullen mailer cpi'iis. As nli lerriirism backers have found 
success In pure media h\pe. As ullh Wi-a puns ::( Mass Destruction IWMD). It is 
challenging to retail aie aj;.ihisi ana'.\ uuiii'liii. ihie.it Al tack attribution is ihemosl 
vexing tpiesiit m nl' all il Mir .ma, |:it-, ui i.'iuaiti aiii'Mvmniis defense stralpglesap 
peai r doomed from the sunt. 1 Iuallv. ill" m-i i:-i'i\ i ■ nanuc nl cyber warfare rapabili 
tics anil nieihnds iws inhibited International discussion nn the subjeci and grcally 
increased Iheamuunl nl c;ui.",v.vjrk lei [lined I)-, nan. mill wnnn planners. 

The grace period for iitireiiamu may Ik- ru unlng mil. Modern militaries, like the 

lure. In 2010, the United Stares Air Force procured more unmanned Ihnn manned 
airrrafi tor Hie lira Sme - ! IT Investment on ibis M ale res essarily means an In- 
creased mission dependent i- nil IT As advrrsai les look Tin llleir up ported I's Achilles 
heel. IT syslems will he altiai live i.uyK h is likely that I he ground fighting of fu- 
ture wati win be acroiiipanled by a [iar.illt'1 lansily invisible battle of wits between 
stale -spi insured hackers nvn il h- IT lufiasirin line dial Is iei|ulred lo wage war al 



Celebrated Red Team exeicises. such as ihe IIS Deparlmenl or Defense's Eligible 
Receiver In ISD7. suggest I hat cyber al lacks are potentially |»iwerful weapons llur 



.ig-JiUnmslaud by Lionel 



i>i>:: '\ 1 1. hi'.- 1 r!n ■ in: uii:n^ -i.iiv;iiuv.::ii] 1.1 i.ila i..ii'. li iu,IIt-ii'.- .ir;:.!'- 
.iTid crams 'sran:i;i,:(l H> inlci.t thr> human niiiimaiirl an. I rain; ml svslnn with 
j pJral}Zi[ITi k'M?l ul niEMiiisl V> a ii-v.il:. niliud'. in III' 1 rhaiih u] 1:111111 land, [roni 



:-.i:i:iv.c[ '.iKil;-^i" ^miUMIV.i- ill r 
Iv Ihnl 1]|[> llirenr I'nmi cvIkt 



entire Ihan lo desmy ilw 




;in:l Ik- K'kiilNil I, I .In-.': iv .'.ri.j^.- .■|.|:: :[:.. ir .1.. :mi;m ■ II lu I., .lull: 10'. 

u :,J. A J'n.'.i JJitf Slrong 

Adversary cyber ilv...:!!;'.: v. ■ I . mill Ir i::.r.!. il:][nu:i us possible. Adverser 
i.s muM hi'.'l' in ..'..-ill' hull ]::.■ rlfii rr.'lli--, .■ ir il "I.: '. ■ I i.-il.l .l.iuul 1 1 ;.r I : i.' 
informal ion they v»rr iililc In slc;i I is iircumlr. ,\ll;,!-krrs shnuld hi? forced lo Ickp 
time, wander into dij>] m I ii;l|a. juhL brum mlnraiiLiiin r- -y.iLnJ inn t heir ideniily and 




Aol* IV. Taclkat Dispositions 

Iti fin-l |irir.-.M.iiiiil h.i:k,i Innk ;m<1 s iir.'slr ihii; fimujih lii.il isr svsu-iu 
administrator sllnuld nrrsiuiit- some lr-vel or s\sleiu Im'ii, li .11 all limes. Defenses 
should be designed on I la- i!ii!|illi>ii llwi ilviv Is akvay. a digital spy somewhere 
In the camp. 



halites Hyoukri in mitiM-lfljiil in J Hn-tm-niv.lui «vry \k1i.rv Kalnrdyou nil] also 
hiiITi'I .1 il^riMl Ih. i, kn.... 1 1- - ii- ■ i - - - ii' ii' ii vi ii M-ir \'iu I'iihn ■ it.Ii in v 

baltle. AoW. III. Attack by Stratagem 

In the late 1000s. Moonliglu Maze. die laiRos: r v be. i intelligence investigation 

contracts, encivplioii ; .■ :ii:i |..' . j:i I . j: | ..imii'i.l; U.i'.l.. Ut^iite veais of L'lloi [. 
law onforcomc in '.va 1 . :,■:•]■? 10 myi dKiiirl'ii^l'-' lev elm' in lu lp rii^lorjtutic atuiliu 
1:1.11. \nd liiv.r.isi' .y:i. v -..aiiai-.' 1'. :i 11. p heir. 111. :\nr. Ijint i li.innes ^.1 ^nickli 
II is difficult even for ]jj-.v rnloiiminil iidicci'. Id lie suit Lhey are operating within 
ill' 1 1 un^tiaints of Lite law. 

A long-term national oOilciivc ihould l>-.- :1k- tiraiiun ol .1 Distant Early Warning 
Line for cyber war. Nalioni! mthiMv diii-ns. r.n-"h .1'. propaganda, espionage, and 
attacks on critical Infrastructure. Iian- mil . halloed iini :hi'y are now Internet-en- 
abled. Adversaria liave a new, tlclr.vrv inctkiniMii r I u 1 r tan increase the speed, 
diilusioii. and oven the pi iwer ol an attack. 



ami .i.ai'M. :ji:i^. I'.vi.nil In,: n.::.:i nl 'H'lin.i: v :■ ri.ii.l.ni.v.l.:!*:.' .l-.i'i- Xt<! 
The Use of Spies 



k\ Middle lias I 
• con I lid on I tie 
land (iaza. pro 



Informailon collection anil i-valnaiii hiv.iit -1, iitipnriani in Sunt™ I hat litP entire 
final 1 h;i|)[.'i 1 I .11) ft'Vv.ii \; d,-v,n,-d 1, , .s|ii)in;;i-. S|ji— 11. 1 ailcil die SDH-i-niii. 



irvof ■ii-.),-t:cvri:vs;;iv lv;>,"ii;i i>.iiil,h[4:i kit.im r.n-jyri;; Vmni riavvalil,'.- v.lii, h 
ran lie i'riidv [i-ii\(Tsctl In b.jlti suics. [<> "iiimra jiiissrs.' v.hirli ilium rilticr lie 
■II ■ill'.',' -_-.il I ..:■[: '. :r ;i'iv:i:l ■ ^n^-jiv ::n.! ■■■ :lh- : r.' i i ■ !:;!■■ il I'i l.'lilh 

Tl]''inj.- ■ Allh"i[i;li - 1 II : l.;.ii i rii' . ■ vl ir;' i ■ .inivalpnts forea 

Terrain type arc easily I'mintl in liiinni'i. Iniranci. firewall, el c. 



■i]IH])ilSS [■[>!■ i'.JIIipIl- IN CV1)ITS[H(T llli> IlTICMlial ill! 

:an be completely irrelevant. If "connectivity" exists betv 
;an be launched at any time from anywhere In the woii 
argels Instantly. There Is no easily defined "front liner" 
UN the Internet often share the same space, and Ihllltar 




The potential role til' i:i)[ri|iii[i'i iiL'r.virl, ti|H'|-.il m .TL7, ill niilil.-irv rnnfllcl has been 
■ nti ipinvd In slialeijli InnnUnij .ulmi.- nvirlViii-' vja-i Li I ii|n>ialiuns runes, ami 



id hinder thrgucxl I nn<|» flu null in Ili-li.nl lhi-ijlliit-i--,l , n.inMllylHp,tli<- en. 

11 modern illiliTaiv I'.;'.' 1 :, iih:.- [nlei:iel a:. Iheil I '. eicai:' .:■[ "1:1,11:111111.. I 

Unn. '.' hoi happens '.vhen ike I n.'i n^i is d.T.vn'.' "J'lnn.s II is likely (hat cvhcr attacks 
iil.T. Ih( IiiimM cm -.(ill role v. hen :.iin:ch:'.l met ricert v. jlh a conventional mili 
t li [■•. da tcrionst) attack. 




return. Tills is the aituf hi 1 ly.m>in:Mlh. .-luH! Vli. Ujneui-erag 



,.ybcv criminals nlrcaav i.pernic nc-oidine k. 1 his ink'. 1 kev lmo : .v thr work srhed 
ulc sol network sec: link ]jir :i:,-l ;md ol Hi lai inch al lacks in I Ik: evening, nnwcok- 
ends, or on holidays vvli'.'ii e\ Uei kilendei- an 1 : ,i home. L' 1 1 ■<■ id 111 line [y. ejveu [he 
current challenges lacing : yh. i 1 1 ■ ■ 1 1 ■ 1 1 - . n n::r. In [-.i.^sihle simply to tie up com- 

If an Invasion is successkul. Sun 1/n advises mdilaiv 10 11 inlanders lei survive as 
much as possilileon I hi- adyeisai y's rliil resources. 



re. AoW. II. Waging War 

In Ihis sense, Art nf War and nbci w;irf;irc ei lire -pond [i'i Irclly. In computer hue k- 
inji .illackci:. tvpiealk Meal lhe cii-.lenltals and [iii'/ilcec, nl' an aullioriied user, af- 
nt wllu li lliev cftectivek 1 111 1 111 11 1 an insidi'i ill lhe a;l\ei-.HI \ \ (vicinal) 1 1 1 1 1 1 1 i Hi. Al 

1 1 1 . 1 " I !■- ■ I - 1 1 lir'n llllj; I'.il :ilel d .1".- ea I !.■ 11. le ill k .11 ;l I ha- .111 lhe people l;-ii;" 

I lilt 1 !■.(■.■. mi. .11 ;d Ikciiiuissieu duou;;ii I) >Si)rcv|>i jicii far easier Such al lacks 

ciiuld ini [nil.. 1 in smied |.eii 11 spinuleii! i- ami/in 111 Ileal ilal.i itioiliucilion. liven 



:l "h : ':■.!!■".■ l:. uiv ■ " u - .ml ' ■ ■ : -. ■ - 1 - ■ : I ■- I'-.i.l n: r. I ■■■:>: 

h um in I lie rominutiT itor.vi (<-,v\r in no. .1 voluntan'lv 

Finiilly.ci'lierwurtflreis nnriiffereni rram nthw military disciplines in ih.il ihcsuc 
ol Jirwmai 1. ■.'.ill |ii nd on L-.::;-iii--'. II .1: ii ■;■.■[ jili J sscrat. 




The Weal Commander 

Decision nLJkl up III j 1iL1l1n1l.il '.I'm ir. l'jiiIlxI ■..ill::'.!. M.LiiiiiLanl n.'spoi!sH)ili[ie: 
because lives are ofrcn al stake. Thus, on a personal level. An of iVoi leadership 
roquirnrtrnnls am high 




an enormous amount nf unrrriaiiiiv; cvan knawin;; a ncrtcrnne is under attack can 
bu an immense dula m; ■. And I Li hijji H'ai|ii> i'l I nil cm ■! :i:ii'ialions lead In a 



unci island', .icil I:i: Iiovi:s in it: :i lia:!:;-; . ja.T ... ■ l it i" "-. bti '.'.ailaie will be com 
municatirig with higliiv lei-lnura! [rrsmaaiities. who have vastly different personal 
nmds Itiaiilhc MildiiTS ol it I: a- In nam I military dement. 

In all fulure wars, Hainan. Icail.Tshiji n ill have :;ii> dialk np,e of coordinating and 
decijiillictin;! the is l>m and nun ■ bm ' I; ■an ■nl'. ill a haul'- |iljn. Sun Tzu us high 
praise I: ii a arcat tactician: 




As chr u ins l.i iiifs change llii:,n.;l|. ml I hi 1 ; i s use ai a ii'iil hi I In. ill tactics and stiat 
iiiiis: ':>(■ lai'v.ilu .1 ami ir.i.ililail 1.; Ii: l:i n. ill', n mi inn nl. 

Hi: .1.I111 mm muilifv lis "ill I Ii :■ in - na! ..a III li^ |'|.||. al .mil lheteby SUCCCed in 

"ilLail;^. alj-.' In:, nil' e a laaW.i l.'ui n jjluii, A::\\. W. LVe.i.. I\ ./.'■:. .ir,.: jn i.va: 

The dynamic natinv' ni i hi ■ I nmi ni't and i lii' s|ii'.i; .il i umpuler network operations 
guarantee, that irailiiuinal nuliian i hallrngcs mi Ii as scii-iny I he Initiative and 
maintaining momi-niuiii will u i|iiin- lasier deeisinm uk's I liana traditional cha iri- 

of-conimandcanmaoajji'. Atilii'i r- mandril [m]M | HV ,. i he ability and the trust of 

his or her superior roari qiin kk. eicntivi.K. and decisively. 




Art of Cyber War: Elements of a New Framework 



Survived over 2,300 Jean up i ■ us | ildan i .■. highly npiflble. SiraieglMs 
reVDlmbns.andSunT/uslnMglil liiismwr < h ■ T Ik n-sonance. 

Tills c] rapier aigam Ih.i In I tip I'm in h <yta ivi!iT,ir» ]jr.K:[ltiuneTS should a]su nit 

Ai-fo/'H'flrasans'^'.f I ynirlc m niilli.ny Mr.ni'j;> ! biAvvei tyherspare pcnwsws 

many charac Kris [lei thai are imllkt- ,m> Uilug Sun T/u imild have Imagined In an- 
cient China. There pre al leasi len dlsllntllve aspects uflte cyber baiilefield. 



Tzu's paradigm. As n.n;r.:i.]l r v i hi i ". I-: i r- .irn.l milr.uv ^.li^iLiii'jf. bi'^in in utl 
mnmnls. slmlPRrcs. 'Tid don l ine lor cylier -.vji rf mill r he? Art of War model 
mind, they should he ju'are of these differences. 



7. DETERRENCE: CAN WE PREVENT CYBER 
ATTACKS? 



fensu (o proactive, slr.ii.eL;ii i\ Im-i ' h.-l i.-i i ■ ■.■ln..li au\ in. In; lr ihlei national ml lil.irv 

venting litem. Although l. vie i iiu j'. lis redo m.<i Id a nuclear explosion, 

they do pose a serious I :m n.-r-iiiy ihn.il 1. 1 ini- i i- -iii in.il urilv. Peal '.vuild 
.■samples sun|;rsi ilrn ivhir ■.iarlaivv. ill |iLl'. i li.i.l ruin in I hi i in 1 inlnrnational ran 
(lids. This chapter evanum". I In 1 Inn (innnirr slralcgiis available In nation slales 
(denial and punlshnienll and then tin , ■.■ Iiivl : i -.| m 1 1 \- ; I n; ] LI .■- kapablliiv. eoniiiLUHica 
tion. and crt'dlbltity) luIIkIjI ol ivki uailaie. It aim evploirs whether the two most 

attack dclcrrrncr- an impossible iask 

Cyber Attacks and Deterrence Theory 

The advent of nuclear weapons disrupted lite historical losic of war completely. 
Deterrence theory emc-iji-.d afn.-i tin- Lhr.kd jtate'; ar.d the Soviet Union created 
enough military firepower 10 rar.ir.-v human nvili/.iiion nn our planet. From thai 
point forward. accordinc lo llu .'.in lii ,in rnilil:>r\ M: al.-j;ist Keinard Brudic.-'" the 
ptrrpoSQd armies I ■ - 1 ~ ■ I : .'.i ng wars to pKrueaflng tliem. 

Nothing compares to lite rjcstruriivc pawn ni a imciear blast, but cyber attacks 
loom on ibe horizon as a iluv.n dial is h.«;t unl-isnin:! as an eiiraordinnry means 
to a wide variety ol political ami Hainan rnds. mam of which can have serious 
national security rjiiulicinons. I .;t ;-\an;pl:'. cumpu6-i ha ok in j; can be used to steal 
offensive weapons teth:i '■ i^'. :<ra lading i ■_ j "i r l^. ■ I .'.u'- I .ir w'.apL'iis u[ mass desti uc 
tion) or to render an adversari a delr ns. s inapi iahp .-lnrsii.n a conventional military 
a I tack.-- In lhal lighl alii mpum; pmariivcK In ilflcr rvher allacloi may become an 
essential part of nalional inilnai . M ratines. 1 I hapler examines whether it is 
1 1 ^- --I ill m a|ipl\ ilili'i i i: irii'iiv lu'Alier attacks. 

Wfial military officers call the "balllespace" grows morediffinill lo define - and lo 
defend - over time. In L!Ui.i Unrrlin Mi.ore tuner ih prvdirictl ihat the number of 

lar giowih in almust all Lispn.L-.di ui&jniuii.iii tr.-liinJu^ liT), Includlnp. practical 



(0S1KT). Even the basic .<i. i viu;.ut,i m:*lun .:xk-v ;ii h .is water, electricity and 



tlioir objectives. In tjif omlv I'.i'.'t's. "I, is C'ino:[;i li!i:\kIy kiiov.ii in ibe Soviet 
Union as the Military 'IcrhiKikifiirnl Uevnlini™ (M iUl; ;dicr the 1001 Culf War. the 
l'i-]1:i;.vuns i;cvi>luli:ii in f.lili;;!:-, Alknvs v. ::; .■lhnr.si ;i lujiiM- 'hi; 1. 1 II n:i. 

Hiiwcm. the real world iinjiiu I :>l e. [>er liinllkl is -nil dillkull tu appreciate!, in 
pan because there llnw lii.'ii [in '..ui- I'll-'i'Vii iri-ijrl -j ri enable militaries, 

tint an e\amlnaui>ii "1 inn 111:1111:11:^ .dbms i.v.t p;Ki iv/o decades suggests that 
rvher bailies nf Increasing consequence are easy (n find. Since the earliest days o\ 



lions ml dialujjue with the outskk- ivoild/ Sitrli a iapid ilevelopment in ilieuseuf 
cyber lools ami lailirs sujyjr'sis iIhi IIic) .-. ill ]il*v a Itv.d ml- In future internal ional 

White I lie Internet has <m bakni,-,' b>-.-\i l:u;;i-h l;i-i«diiiiil to society, law enforce- 
ment, antl cminteilnh-ll isjfru-i-. |»-i sonni'l slni!"!;!-' Hi keep ]ijn:e Willi its security 




iiii| li' iilii'ii^. ". ru- nljiquil'. ' I [Ik 1 LiIltiilI hl;iI.;^ ■ '. Ijl-i v.lIl'liil .i :>T: LlTt-k-i-. ■■'.'.■.ip.'ii 
■ ■in c .I'.lM i'oi! •. ■ ;in i •■: h.nm' IiIcy- .li will. i. pi nil. .1! 1:10 p.v. -.n al diMr-ncc he 
mccn them. Ev ami nisi, ('-her ilr-lcnse i 1 , .1 icdiMM; prunes, .nsdrvhrr allnckinves- 
millions j['L' C|ji;jIIv iiiUHiduiin.'. S Iil- j-.IonishiiH; ill Mil vt ;m m. ivber trimt 
.lii'J ':'-L'u[ 1..1J.: ■ I ".Jd I.]- : . 1 | li.ii .jj;i].:.m 'jl ii in. 1 Millie spoil 

mrrd rvbc;- oti.-itk. [diellisciv-: ciri.tils such r,?- ibnr.ri 1 [\ tliircicr lames Wcohcv 
fear lhal even InnnM groups '.'.ill pc-SM^s i\[>lt v.capiins ill MiTilcjiH- significance 
In the iiexl few years. 

\UlllLII '. .K'lLi U'Cj I'll' '' bcp. 1 . 1] I [\ 1 .1". ik I H "*'.'[ II I I '.'II 1 .' 1 1"'. sLK'Ul'Lli Ll'l ll'll'll:..' Uj 1 1 1'. 

i':niiiul:][i':ii] i'l .1 |ir'.^ iciiv'-. : \ 1 1 - - -■ : ■ 1 - i ■ 1 : ■-■ | id.r\ Inih m.v, nylndi unci 

lirvinil.il miliimv dclrrrcnic.- ' Htmcvir tun rluill''ii£illj; nsprcis rvher ill lacks 

In Uniiry, naiinn sraics have nvu primary dp 
and credibility."'' 1 



Cyber Allack Deterrence by Denial 

from acquiring a ihre,iicriuij> let Iiii.iNijj\ I Ins is ilv pr. I-it.'iI nptiraiin Ihe nuclear 
spheie bttauie there Is nu prailkal diTeiiM- against a iinrlciir e.vpkislon. lis heal 

concrete biiUdings Ihrer k 1 1. mv -i- rs ■ The .iNimk m 1 inline of nuclear war 
fare makes even a ilmni'iicd \li mi ■ 1 1 1 1 1 ■ nil li. iimertu' Deterrence hy denials a 
phlkiwiphy eniundli-d in tin- Nnn P mil feral Inn Treaiy INPT) and one rrasnn behind 
currenl International i.'iimihi nitti Ninth Korea and Iran. 31 ' 




Denial: Capability 



Desuitc < Ik.- diplomatic i.'flnils of Nl'l'. I In.' well iutidi'd in.sjM.-t.llon reglniu uf Mil' In- 
ter national Atomic Eiii-igy Agency (IAEA) "■ and unilateral military operations such 
ns Israel's destruction of nuclear Facilities in Iran In IB81 and in Syria in H007. Ihe 
siieohhe world's nurle.n i Inb i;. };u living, hi .uldiliun ir, i hi- livt- permanent mem- 
bers of the United Nations Sccuilty Council.'" de iado members nowlnclude India. 
Israel. Pakistan, and North Korea.'" 

C\ .iit(K k ton!.-, .mil in liui'ii" -. ,ii'' nut ik.ii iv ..r.. I.tinji'iuii'. os lln-tr tunica r coun- 
terparts, but they are liv i i.iiip.i.-i'.tui .'.:ni|.l.- ii.- .n i:nii. . deplny. ,-ind hide. Hacker 
trainingandconft.™Ki'h jvu;iltuiid;in[;ii\(Tlli(!p;isl 17 \ ears, almost 1.L100 how to 

be kept secret, plivslrnllv it.n:- | oik ii : :ii .1 r i~i 1 1 1 i 1 ■ h.nd drive, or sent encrypted 
across t ho Internet. A nnrii .it .mm jiiuynmi 1:. tlim't hi ft hide;"' 1 n cyber *\rap 
oris program Is not. LA Lilt alucki ca:; be tcsic-t! discrete!', in a laboratory environ 
nient"'" or live on the Itr.i i net. anoiv, i.-..i;:-h l i;i 1 h l- i . n .^pcars incieasinc;!'.' com 
mon to consource the hit ;;.i I ti- lr.^.'. t h.ii-aiie. ic a re nun- re la I or criminal third 
party. 1 " 

code. A lc g Iti ina lo path !.>r iviui'ii ■■; ■a-::\ adm itiricn can also be used by a 

masqneradinc. ba< Let to M.'.il naiio-tial ■■■■■ rds Lvcn publish! d opc-iTitmA *vstc-iu 
and application code Is dillituli lor experts iti iintlciMand thoroughly, as there are 
simply too many lines uf code to an - The dynamic and I'aslevoMilg nature or 

cyber attack technology cuiiuast^ slusrplv '.'.nli Hit liindatuenial design of nuclear 

since the late 1050s.' In ihr smglt in. mil; -,l M;i\ 1'CO'i. Knsnersky Ann-Virus Lab 





Cyber attacks now have the attention <>t Hie World's nailiinul SacufltJ planners. In 
the U.S.. enhancing cyber security was Mtt of I he six -mission objectives" of Hie 

2003 Director or Naiiuiiiil [iiiHiineii. >■ (OHiKlJ M,n il line licence Slralegj'/" and 

counieracitne ilw tylici tin eat h > inrernlv ifn- ihiid !ii«ln".i priority of ihe Federal 
Bnn-au oriiivestigaliim (Fill). nfiir |iri'vi-niing lumtM attacks and thwarting fur 
clgu Intelligence operations. 

However, cyber warfare Is a new nln-igiqiii-iinn niiiinrnl and Inlcrnalional norms 
have yet to he establish, il DiiT.'ivni ii[i[iin ,11 c iindci- . nri.sidcrat ion. One Is lo 
broaden International lav.' enforcement coordination specifically via Ihe Council of 
Europe Convention on Cybercrime. Objections tu diis strategy include the passible 
in fringe men I nrn.3linn.il M>\iTiii;nis l>\ li>ivii;n I.im en [hi (vine hi agencies. Another 
approach is lo pmhibit tin - tl.vi'lnpmi'iii nl Yvht'i ivi ■; !]»)[ is via international treaty. 

■iiiJi .is 1 hiil m.^i'li,!:!'.! Ii'i i !■■ i. v.v 1 1. ■■ .■□ ■ 'n In r" Mi' h ; i . hear.' inijlil Ii.lii 

supply chain attacks .ind 1 1 ■ ■ - dhi upiii 'il i ■! n:ni u.riil.iii.uii iki'.voiks as well as In- 

|ii'i;i.li !:■ lli.il il lini' 111 ill I" liii|ii ■; , . ;i; t .ill.T. k ,11 Ivi bill ion. 3112 



inimliTv. ill.? odds ol iiir.i/.ikul.i". m. oinl I> ■ii i^ i p..:,n. .ij miliiEirv nifaiis. 

At Ihe heginninR of ihc vi-ar 21)1 I. it was Mil] noi likc-lv that nal inn suites would 
sacrifice much Eo prcVL'in [hi iiijlif.i .i::ih "I C j..i .ill j; I-. Idols and techniques. Al 
though it is indispulabk' lliiil I n ■ r i in a ks lisum- ..minium liimncial damage-. Hut 
wuifd tciiiic-ii iii'jLL'j^iimh. l L-ii i [ .u :-j !j ; ■ : ■-. Lie i i-^i'i'. ii i.i^i-. mid ilui liUL'riiL'i loiiiicci 

weapons. In lerms ol limit drurunive power nnkrs am in a class by themselves. 

magnetic pulscHEMPl, or human casualtles.'- 

HoWever. a future ryher nlE.nk. if it rallied .mvnf the nbnvr. offr-rls. rnuld change 
this porircplinn Wr.llif.vdi' i.vhr.i.:i i;;i.:d riiriViTn.i-iKi- ni drscrihed bv Dawson,' ' 
is constantly clpandmji ithsil Markers rail 111.- "allaili siirliire." In theory. Ihe suc- 
cessful conquest uE an iid't'iMii' s 1 1 ii'. i i.r-i : ■ ml'.l '.'.|uj1t- to assuming cum 
mand and control ol iJn 1 ,i:lvn -.ii i v ri t : I l r i 1 ■ '. I::n"i-n jnd luliig their Dwn weapons 



Cyber Attack Di ti-rn'ini' by Punishment 

denlRl was nol possible or has failed, and that Coumry X possesses the technology 

vmred dial vlelnry is roil |mv,ihl.- i-M-nym-n Ih- opium i,| using us new lerhnnkigy 

Two key aspecls of ryhi-r .Htm ks |m v m rliallenjii^ u nuiloiial snrurlly planners 

Whu would seek todelerth.-iu Ijv |iii:iishnii-:il: ,ii r j ilium ml asymmetry. Tile first 

challenge undermines a suirt lapaliilin id respond In a cyber attack, and the sec- 
ond miller mines lis r red Ltilll I y. 

I'liiiistimeril: Capability 

All nations Willi rtibusl niilil.ivy. km Mikiriviueiit. aiul.tir diplomatic might theoreti 
tally have Ihe power lo punish a cyber at lac Ijt in --nine \-.iiy. either In cyberspace 




trying lo pin [ho hliiinr on a ihinl pariY an aiiracllvcopuim. 

fiwn in I In n ciii liiai ( \ ]»>r iii i ;u k miiibi ii K pojiivlv i!i iiTiniiK'it i In crrn ]( (-- 

In |iiiiiKhiii,'iil is Mill iiihrirnlli lev, ■ : i ■■: I i : ) It ■ ll:;iu (k :,i ri':i r ':>■. (Iriiial. [I ]ii|i]in- : 
decision- makers 10 my ks> more diflknli rlidircv A prd.nnu' law enforcement strat- 
egy Is ravier Ic juslilY lli: in ll:i- i>r .i| iiiiIIi.ii v Iiiki- whirl] ''-in cause physlral tie 
sirin ii.,: i. Iiiiiiiiiiicii-ii.il i ii>s .11 oihn nillnn-riil damage. Ai ilir vi'ty least, there will 

One important derision tjic 1 1 ijj; dr. isimi inakri-; Ii; [he aftermath of a cyber attack 

Hi ill 1(1 III- WlMll-'l ll> leialli.le Ill kind ii] III i-l[l|>]n) llliil'c ri)llV.'[]lli>ll:!l HM|UI1J Il 

may seem logical lo kf. [> ilf r.mllk i within . \ licupure, Inn a cyber-only response 

(Iucmkii eiii rrpruporridiialilY. andiirvbi-i riiiinleianaj kiu.iv la. k I he required 

pierismu. A rnisiirfin l yb-] -pat e inli;lil advei a Me. I i rMii iil tialional iiifrasn in- 
line, such as a hospllal ■.vim I id le-uli hi a \inlaiKiii df the Geneva Conven- 

I 111 .1! rM'll 111 III}; -.'.a I I I liar. 1 baiy-. a;;a>tl-.( 'I'll .11 ill n 11 II 11 s ' The I aw (if 

Armed Con flic) Mates iliai ilie means anil nieihmls of warfare are nol u nihil lted; J,; 
((iinmandeis ma;, use only Ihal tlei;iee ami klml ni lime .. n'i [Hired In oitlei Hi 

achieve ihe lesinmaie piiipnv of lb If n I ... niili iln> minm -\|vi i:li mi - of 

lili-aml 1 I'm hi ices."" 




lineal piL-nsine. ■ III Uiina. Ml-.- !JMl'ii1i;iI iiiiiuci ol computet la-ciunk ope tali ljii:> 
on tlic nature ul '.vailjit n ili.ju.Ljbi: to U ■.- si i ■-■ii.l; i. iiolilj.1i l-v.-h iu haw u jjiiloi mod 
iiODvmr nt 1111 in. ir- M-iirl.im id'"- i lii:-""--' miln.icv Ini .iLnir.n rrri.iinlv qiili the 

■1-1 . niivi- &. pill :.l rh,. I hiiw- i- II mo- I.". .-f..y.i''i iiii.Til ri'ill.11 ■"'. li'-F^pofO.' 

Ill \'. i!i.liiiii;:..ii our ill l hi' hnl |-i-j)'-)i-n 1h;:1 ir t t>ini I ;i iTiviirti-nl llb/una km ml on his 
di'ik Has ■SL'i-uniKi (.'vUnipuu' (in- Liu- I I III I'li'iidi'iin ' rt lili li ,lit>n«J IhattliL'US 
iilusi ha": a OL-.-rllll I in 1 1 i.li"-' |1:i-mii.-'.- in I i.-i '-|'..ut !■■ .1 i nr. .! lil'lonl'ili aaniilM 

Ubrr ilLicmn.. must udtdn ss hav. Hainan :ni(i '.Iviliiin aiilboMli.-s n ill tollaburalc 
in iuuIl'LI priiate M-Liui l mica I iiiliii iiuiijii ml i. i'1i in. Inn.'. L"\i'ii l\ Lilt attacks that 
■ in!-: - ".!!■ I ■ Hainan '!!-.■-. :i:v ii.---.-l- 1'.' a a-. lt. ill a: i n-.-l mm:.'. Ijl'Ii'iu il-.ilIiiill; 
their larger. In lact. the destruction of civilian Inlraslnicture may be the ryber at 
lacker's only pjial .1 liirihri f linlkii)?' is ili.n ]iriv;iie u-not rnarprises surh as 



ii'!' \ li';ifli'i-ihi]ii I'-ii lei I- iiiiii i li:ii .in .11 1 hi ken ns 11.111011.il l.Tiih.ry - in violation 

□f lis natlunal smmn-'lgnty - has ocrumil. Thus ]iTrj;u live evber aiiark ci'iL-nrnrD 

b> Huvernmci h-l.'ikl miliiin hilr.iNlriiilnii- ml I hi' ililln nil n i acliielt. anil any 

national response raay be loo lit lie. too late. 

same attack twin' I IhTi-furc. (KiMm ik"i < ml i I . pang.' nl iliiilipin.il Ii ami 

Millilai-y ,<|iliiiiii Id cinisiil-i fiir a |)imi[in> h-s[hiiim- In li-rnis nl" inllilary (lotlrlne. 



BB> posslbUMj might br tbcdcfineaii r red Jin stnt^berspBce .'i pagandaacd 

l..v. k-'.'-l ' '.ill;' 1 1"'. 1 1 IK- iv.' .;ii ■•:■!.!. .il irinri I J ILI llil-. I li£!VI I !':•■ 111':-! !:']■■ "I |if:-:ii"- 
rviiiT vv I i i ! ■ - ihr isi.iniriiil.ititili ill .'jrlr ri ,in .i|iiT.niiin.Ll •v..-.i[:ii:i. i i v-Mlrui 

■ .-■■■.il.] I", ■.'.h.iiii:!:: ii.i il l. -- -- j i I-: j li'liiliii'.ii-n. I .r.i:.l .. in --. j | - 1 -■ ■ : : - : I ili'li-i :i in: ■,L>.il'. , i'.'. 
L" .' ] iJl;:. Liir.L- ill'.i .-I.' .IljiI. ■Aniu.ii. AiKld'.L'r.jr. -.hi'.ikl lid'c ].' tli.'.ibl '.'.h.li [Iv. 

conscqtirnceswlll be if the red lines an? crossed. 

Punishment Credibility 

As He lull; seen. Hie crcLllbiliu i.iii Ijcr alia, k ilfti'iii'iLii- Ijvdi-iiiii! Is InW. The PO- 

'fii 1 1 Ii I ,iHi-iii[jI -in 1 1 ii ili-nl,i] liu-k:nn Tlii'n-li.ii' .1 

attack deterrent e hy |ii jii 1-.I iin>-iti n .1 muti' likely scenann 



,ind operations I" ri'S[HJrul in il timely I'.isliiiin. 



another tha racier 1st ii 1 ,|'t nit, 11 ki ilii.l undermines Ihecred- 
reliy pun Ml tile tit even 1111 hp. rtsy lilnlelry. Al the nation Male level. 

If intxv ilejl-'llflelH ii| Ill' 1 Inl'-Hi' l 111, in I'llliTS. Soil"' y^nu- 

phlsticaled computer neiwork attack prugrai 



'.'■If mnilcv. v,-,i\v Tii >m hni'-.il pri'.|iei ilw 1 lie Sim irf iii Mr h h ,i classic ex 

,ini;ili'. A li,|.. k..'r Mtlln.ii ,11 1 uiii|Hili r X jju'lciuh In In- (iiinini; In 1111 1 iiin[inler Y. then 

ii 'l^'. '.l-. 1 l.ii, 1 11 I'.-.in I111I:, ■ I 1:' h'- 1 111:1 1 ■■ ii 1 hi. ■-. Mm 1. 1' I 1 1 - ■- -| j- iii-.i--. ,',i'.il h . 

■ I'.'-iv.h'liil ■ 11 H| 11 it'-v V 1 li-,,liil._; .1 •I'-ni.'l !■ - I ■■ i, '■ ■ II 1 1' ri I 11 'Ml ■! I111111.111 |ii'l ■ 

sp.-vllvr. Ihriii1r.1l IliliiiiH'l.-iiv MrKlnnun .■• I lhilllln.nl 11.1;. .-'in mil inn In M, Kinimn 
het5a-buiiiuliii-liiii k,.|- ..iliiii...iiiii,.|i-h. Iii..I;Iiil:Im . IIJdiiM nsivured Pcnta 



Mutually Assured Disruption (MAD) 



In rviir v.: :.^,-. h.iiri m 1 1 1 r ■ r I i '. i 1 ] 11 I i: I: i i] i i.Ylii.iil"- LVnbl Is 
due lo Ihr F.iin Willi '.vhsrhrshnrnllnrh; |.-rhnnl if;vr:sn hp ,1,-qnlivJ ihr-inininliirily 
ni llllr'i li:irir.llill li.-JJ;-: 1 1 Ll illli:. n kv I ll-:- i L l.^".' 1 1- n: Llll ':[ i< ill I l-.L-lTlli'. mill rim |]!.'r 

'-:|.i,.iii lliiil . '. Im.i .il\.i:.l'.'. ill': mil :l .liui.niir. • ].' ill^ll "ll I J] 'I'.'LH'IIPII'P 111 III': 1 lllSI 
|-||;!P.' I'liriishllii nl \'- I hi- ■:■!-}■: ;v.il ll; lr.ll ihK d.'IITri Mi"'' Mr.ltr^ Inr ks GL'd 

ihilily (hip ri> Itir ikjunlmp i ! I. iLI< tl;m ■■. c .1 i vlin r.l.it'r. .11 r r i :ml ion iind HWrniTiGlry. 



lerm. nallonal securtty planners should irv in . iv.ii.- Ni'.i.ini K.nli Warning Line 
(DEWL) Tor cyber war ilnci [lit- capaMflty lo SelBCl From a r-JTiJse uf rapid respunSL- 

cll.ingcs HK|iiirVk - ilii line i;iri|iiri In I nluil I In- ncil i yln-l .ill. uk will look like- II 
may Ik- iii*Li-M.iirv In adupl an pfTH Ivlwsfil ii|j|]iu.ii li. II ,ir\ln'i hi lack i phiIis in :> 
Irtfl ul'lbi m .ufli'liiij.'. hi hh minim- ilesl cm I Inn i-i (iilv.it' in In ii nin'.wiluiilil mili- 
tary allnrk. iImiii kl l»- i ■ nNdnni .in .tiul u-.u. and Ii sip mill In- sulijcrl In I lie 

i'iiMirb|(Uv«iiln.n- c i .11^1 c |i i<-ibi I v ri.ii Im-hiiuv |)Ijiiuicis Imr imilnw toivaile 

In I nil nil I in; ,n.i[ ii|i.lalinj; ll m-iv-^nv [In- r.i-nfv.i I [;;■;! I.-, nnd II m Ki)]lil- 

rumen II [Illy as uHLr. I lis- .[>■->! Wiir II ihii v. and inure. 



made one-sided nuclciif rlrtei-rem-o [licvUnsloss.' ' The U.S. and the USSR men? 
farced into a position of mutual deterrence or Mutually Assured Destruction (MAD). 

cv'jlt attacks du 1:01 po^.-^ t:iu pi 'V.-.t u: .1 k\ir i :::';u:ii.'i: ilicv do pose a so 
ilr.ii^ and ir.nea^ln^ 'hi' ii ro I m 'Tii.it: on 1 - 1 sr.-niliv .inr. ::n':l p loll j'erai Ion olinns 
iipfJt'iiv fulili!. '.Vi ■![■(!; nc :■:> [hi t i;b ol MuiikiIIv Assim"! Disruption.™ 



" U ' " " " IVI'.H' -I f 1 



8. ARMS CONTROL: CAN WE LIMIT CYBER 
WEAPONS? 



plain it'is uilli n n-< hi uiudi'l. C'WC has bivn Liillii-d b\ '.'K'niil lit- ■.vurhl's urnum 
llldlllS atltl U[lCOI11pJbbll> IL'.'m ..]| l||.- AOI I I'S |.»i|iiil,ili. in. I[ i'.iiii]>i'ls st^ildlm ius mil 

to piudiiM.' or In list- 1 Iii.-iihi.-jI v..m|j. in, ICVO. ..mil tln-v nnsi ili.-.m.iv fsistiusi tW 
bTnckpilus. i\s .n mr-ans and method of war. CW havr- nmv almnsl romplrtdy Imi 
their k'jjILlmacy. This rhaplrr EwnilTii lliL' abpurLs u( CWC thai cciukj help lo con 

brum luiiufy had! I iunal threat niiugatlun. 

Cyber Attack Mitigation by Political Mc-ans 

I hi .vih-liI hill. i;rii-.vn .'iii!. pi'ii.l-a .1 i:::'Aw hili'in.-l LIul ivi-iniisils ni.r. .si i l. Nil 
lu^' liiiii'. slut. ;_Li- sut'.Liioni. !!■ hdp l'ilmiil- its s'j i o n r. . L'.'i-: ■-■ da'.. inu:i' .inpi-i I , ot 
ii.i-..I.'i .1 ■ n.i.-iv la.'n.: 'v ^i''. i:- il-ilsr. .1:1- 1 .•ziti'al ill'ijsn nrlui'- iiv i i". -1 1| n I i." I 
jiidcoiitiir.-ti-diDdk- Isiiui net. As a cuii sequent- uf.il lur tin 1 s.isi-ot ..".v:v thine Imni 
ihi' nmdiinnin nl vlr-riii.-iiv lo ihr imoflrirv .il ind.in.il r-y-iikins. norv.-iirk smiriiy 
is no IciTiRura luvury hula nrcubsiiy. 4 1 

i.i'X ■ ! . .1' ■ nil I.. . < I I IS- Vuln 'I I 'I. Ml 

mill KpiiMiM's u VI i l.isi njin h\ nnarh nnu hunrtri'd fvurv nxinih.-' - Thurr arn 
lii-.L-h- us in.- |i:ilh-. s mill ■. i n - ■. ^ z nn ? - m ih::n •' mi s\ ' I'.'in ad mini ::trai'. is 

can prntuct. And In a larae deerec lias (■■plane, III-:' ii:pj] iTliii n on immlmnil I'll 
joyed by cyber criiiiliials and cyber spies. 

Ill Ibn Inlni''. Il iv.ir hpnl« .nit hctsviT-n Hvn fir more major ivoild po«.-[t. nun nl 

tack tods and lethi1lL[uc. d'-iillaH.- e.i inllilai ■ and Liiii.'llip/.'nrc agencies are likely 
I ill in: in |» ■'.'■■ 'I 'ill II: ill 1 1,' .-i ■ '■ : ill' 1 ' I "il- '. i . I d | ii il ih . Mn'.Y'".' I. as e.'ilh 




and Use of Chemical Weapons mid un tiieil Dcsirutlkrn. lis glial is to eliminate lljf 
enliiT caiceorv olw-jpons t>l mjw dcu union (WMLJ) that i-. associated with toxic 
chemicals and their precursors. The- CWC Preamble declares thai achievement s In 
chemistry should bi: !]:■.■. I \.. :Lr.i'i i. ;: : vi' Ii, pui p; ;cs. and that the; pruliibi 
Hon on CW is intended -for the sake- of all mankind/ 

Lar.li iifiiuioi",' is responsible loi cnforcim; UVVL within its Irfij; lunsdlctian. This 

[jr-:irlurlk)!] l'.i( ill lies. Ilndi r l he ronv<':i:nni ill I rhiTiiirak are aniMdcrcd ttcop 
■ jj i - - in:!.'-,:; I ill' air- us;.! lor puip' i'.;-. thai iirr -i i :^ --. - j J j - - Li I J v ii'.illir'ii'.rl uiulei '.W:.'. 
l-.nihcr members ;n\ pr.il;ihi;u- imni i: j;ir:oi iniB nv i. . or hvun other nations. 

l.WI is Administered In I he t'rraniialiiiri lor 111'' l'rohibilio:i nlTlirmicnl Weapons 
(UlfWI. based in The flnfiiie. which Is an independent entity working In concert 
with the United KuliDnv OPCW hasa stall of 5UU and a bade,ot of EUR 75 milliun. 1 

Currently. 188 nations, encompassinn D8°b ol the abbal population, are party to 
CWC. A mere 13 years old, CWC has enjoyed the faslest ran? of accession of any 
arms control treaty in history.'" Since I0Q7. over Sfi%or Ihc- world's declared stock 
pik-uf Tl.lM-1 mr'liir inn:, ill chemical aerm has been d..".lio, vd alone v. :lb almost 
50t, of the world s 867 million chemical munitions and containers.'" 

CWC: Lessons for Cyber Conflict 

Governments addtassed ihe threat from CW by creating CWC In order 10 counter 

negotiators will likely examine CWC to see wlii'ihn ns prim l| iIh -. .n. ii.iik'i ii;il,l 
to the cyber domain. This aulhor has idenlined five principles characl eristic of CWC 
lh.il may ha useful in litis mnlful; [»iliiif.iUvlll. iiriivi'rwllly. avslslanre, prohlljllinn. 
and I aspect kin.' : ' 

P. .Ml j. ..1 ss III lln l.l.ni ll?l V.m. PiesMi-nlsliill Clml. ■! IliaKVeltanlsSUHla 

i -i. ii. in. hi ( fl.'1-.mli. -i, Hint; ili.ii tli..\ wi- omitted lu the rallfk-allnnol 




the U.S. and Russia possessed the lions sLnc nf CW. and ( W'C could not have been 
a success without I heir l< nderslnp. I lov.cver. signatories lirsrt In he convinced that 
ihey had mon> to jjain Irani soiiiiiij; i Ut llianihei luil to lose iiv remaining outside 
it. In tlic case oFCW. there isa scnuinc abhorrence dial the science of chemistry has 




universality also provides a sunn;; rrrrniinn'oi nuemive: peer pressure. A higher 
ratio of members liiimn members :m r-.i-.-. , 111 - !],.■(,! iii-iry gained by acces- 
sion jmd heightens lhe isolalion lell In those who remain on [ he outside. 



nalorles are helped to fulfill treaty n -cp ii i i- it Briis he-;- ;.; with the destruction of 

CW and CW production facilities. Furilier. OPCW actively promotes the advante- 
menl of peaceful uses of dieme-ln fur eiononiK deielopmem. This includes the 
provision of training fev N a alexins fiiiidly orfw i J !<■ i s advocacy to treaty mem- 

hers in the en-JII Ih.A .lie line; It I:; tlfl'W of alailllel si Hie. 

Prohibit Inn . CWC has proven ih.-n vnin»!>V desi™ lion nf CW and their produc- 
tion lac Nil le.s Is feasible. By 2010 over r i0»,', ollhe world's rtoclarecl chemical agetll 
stockpiles had been veirti.i lit. di-slrnvt-d. fi- mella- n-'iirlv :"f)\of declared cltemical 
munitions. Some siales lmd ii>mi|i!h|hK elii led iht-ir c:w programs. At the cur- 
rent rale, over 90% of lhe world's known CWwill be destroyed by 2012. Although 
seven nations remain outside. CWC. no new stales have acquired CW since 1997. 
The success nfCWC stands in loulrasl unbe 1908 Kin-few No n -Proliferation Treaty 
fNPTj. f)es|iile lhe fllortsolNPT. I h.'si/eoflbe world's nuclear club has grown from 
five" 0 in nine.'-"" 




fact that the Internet is a v. r,i |, id( ei'.k.a pi/.e. I he |(ii K;N;uon of law enforcement 
and relink riiitcltijy'iiiv niTS-aniiel ends , \v\ \ ?m:e ;i nei-Aiir]: rr!l>lc crosses :in in 
[eniatiaiiiil iiardri. b™ 1 1 n I n 1 1 diinisands ot :nik\s Mijv separate ;in attacker and 
defender in the reafc'-v..ii:d erv,.ni is .1 iiuLlibi.i in c. ijci .pa-, e. and altjckei-i ottcn 
have direct arccss "0 ill' ir vrrims. Sni.in l.ir j. i '. hide v. I : h : :i the maze like arrhi 
ti nun' "I thr- JilliTil^l and liv.ite altar iei ihiimid: ■■ 1 n il :il v hall I hi- viciims 
!■»! riimenl ins |i<iiir d:|)laiiia;:c relalions or no lav, cnlcricnicnl rrKiperalkiii. In 
2010. there are plcnts ul cibersalc lunciis ivlicrc cinaiiikls. spies and terrorists can 
operate vaitlioin leai 11] reprisal. : Adb:u.L;;i the iiatutc o] cyberspace makes 

;|oals(>l ! \U ,nv Ina.hlv apprnpiialc in r In c\ber :l: main. I 'oJirit i.iii-, lnicniaiioniil 
a : 1: 1 1 :■ . : mi I he public 'ill 1 :. ii'mbii laidei^aiidiii.v. I Lis chunk l''[i/;i[:i:a 
aii'l iiniveisahtv 'vnpi: in - a i ..iriiisnaa- ai a 1 '. h:a' 'A en p. ms Convention. 

Assistance Vulnerabilities 111 c jjtitc twoitts md the advantages they create 

for an attacker will persisi for (In - loreseeahle Inline. 1 onseqiicntly, organizatlons 
h;m [in ciii nee Inn M iiivcsl iiiir a lima and ( II ni l :nlo eoiaiiiMcrsceiinn. Hov.e\cr. a 
I m . i| :i 1 ]iri| ■■["iiii'iii ill Nir: 1 it'lii'M practices such 11s lisk Miaua<;('[ii('iil. im aidless nam 

mj; :l h'riM' m depd I ni' 1 ■ S ■ -ill har.ihar, ■ usiinllc n ipm. ■. mine c\pe:iis,i ;i M ..| 

resources Ih.-mmasi iii ji.ini/iitijiiis ami in en rniiiij ( (innir ias have available. Within 
CWC.OPCW afters pi;*- 1 lea I aid to Ms Mieinliers. Ill Ihe saiue fashion, a Cyber Weap- 

inji signatories nnpi'ive ilieir. ) her defense posture aikl respond effer lively Id cyber 
. il la; l.s v.'l 1 t 1 I ! i' ■• ■ " ■ 111. 'i Is 1 1 ill !i I 1 u 1 1'. k I ■ "r'.'la iii .1! k-jsil. and pulley advice 
via consultation anil [raiiiin|>. A i risis 1 espouse le.im lould be available 10 deploy 
m 1 ill I v.' 1 di- al ii mhiimhu's iiolii - 1.S11K Im piiliiish Ms liinlini[s 10 I lie world. And as 

Willi < AVC. 1 he ins 1 i'k |i:.iir.k' Mi" benefits (if pe.r Hill uses (if 

coiupulcr Iiy 1 1 in ill hjv Ifmm ■ (led ipnienl uml cooperation. 

One significant Ink dillfc 11 Ii skip kn ^m-i -ins 10 lake would be the joint Instra- 

mci kin inland ohseivali if Ilia lnleiM-l ,111. 1 lis neivank Irallii Iknvs. Main 1 yoci 

threats, such as the on.> |ius.'d \t. In 1 :ei inn iIiimj. siinpy iijm- [m (|iiicily kn 

the kind of traditional Insidious thai ni'tAV piiividcs. ("yliri attack jnltigaliori re- 
quires Immediate souice idriiiilii ale ml In alnlhy in 1 niss technical, legal, and 




to thoroughly muli'imiiLi' ils ci'tLlidenliii;iu inn <;ritv arid/nr availability. Any rniii- 
inili.T iirosiniimiH'r can learn In \liile innl'.'.niL'. and null | j r e j jj; c;i c I □ ■ ric ■ c ^ can sutipl) 
■ I iv.-nli'id | iV' i!'i -mit:;i] . |n.di' ;.ll...k rnnS I r ■ ■ r i "i '■.■■II kii' iV'.-ii ■-■.chsiles. I llltlier. rv 
ber warfare is unlike chemical waifare in 1 1 ml cvbei al lacks nflen (tenia rid slealdi 



bin lr is UHIi( nil In imagine line, the j iple nl mspi'i In in ciniltS easily be ajijilied 

in cylieis ( >are. Ai.mnd the win Id. MOO It.lusiiial farihiie.. are subject to CWC In- 
spection at any time: tills is a large Inn manageable number. Compare II to the 
a iin ii ml nf di;;hal minimal inn llial cm be |ikited mi mrc n-im nable llimiib rlrivc. Ill 
2010. a 2.1G l!SR Flush di iu-t!. si under SI000:' ;;l II held over 2 trillion hits of 
ilala. Hen Ividek iinlilisheil ujn inlinii sysieni and ,H|i[ilic,ilii>n code can be almost 
ilrl|:iissllilc ■<! lull lei slain I ( || g| ill .. civil fur e\[:el [s - because I Ill-re is siiu|>l\ 




am appmpilarc In I If .inrl dnlli !:;!,' ; i.i !i:n!ii;;lii'; !nl. I !!■ : ;■ v.. 

I he iiiul two principles piiil'ibmon and inspci lii'ii are 11.11 hclphi] at Tins tune. [[ 
is difficult to prohihil or inspin Minirlhii:.'. lhiLl r, I raid Hi dctineand which grows 
by orders of iliaplilLidiai: ,1 1 l-.l; li J-l! j Ija-is. In IiilI. ll.c:i: r.Ui LOuld prove ii^ 

in ri'-.mi rnoieh ih.n .i hiiuv iiimiv ::it, n n I.. . ; I'- '., r i : l--- n ■-. ■: i .nv.'iinnn 
hill m!iiiciIiIiij;i:iiiit j;cTHTir. u:< li rss i;ti,Ti]« Sprrinri- (bmenlion. 

Uu balance, the Ll i j appli i-'.'l jjiiiicipl pn.'Vule ■■..i:a[ Icadeii with a p,oud start 
lllii pi 'I Hi 'i 1 y.'.'A' 1 1 'ill' p:i ■ I . I 'V i i ' :>■■;■ V.'i'np. ill-. : invi niii.il ll ll;;rl:'n;ii :ill I 

Internet security lliinkns d. r:d- that nil rnatioii.-.l rvh.T linns control treaty i5 

the ri (ihl 'vav Ihr'voi'i. pnlri.nl l.-.ir'cr'. ih.iy pv.- r.nrniki r . Hi'.' ] nnclmg thnv nccrl lo 
attack the technical challciis;i's oi pnihllmim ami inspection. 



IV. DATA ANALYSIS AND RESEARCH 
RESULTS 



9. DEMATEL AND STRATEGIC ANALYSIS 

In this research study ihn ,u In n will .-nij.lnv die ]Vi nui Milking Trial and Evalua- 
tion Labnra lory (DEMATF.I ] Inmialv.' llie nmsi Inijinn.-ini i mi( epls arid definitions 
The goal (if using DEMATEL Is Iwolblrh lo li. nea.se Ihe rigor nl the aulhnrs mttpH 

Vlii silrllllui (Ill-Ill. «l. .111.1 In help | He IX I. It- ilerisil wki-ls '.lllll jlli'illn I I juTli li 1 It i- 

.1.1 lie! allenipl id chin.:- I lu- 1 1 mm i-llii I. 'I II Hiii- id inili.'.iil.- I lii- [ln.-al ill il.i-i .11- 
lacks and llii|lluve( ylfl seiiirily ill III" si raleglt level 

DEMATEL Is a lompitlienslve I lllllUt lllll till tnellnid. ilevekiped In III.' 13711s 

in ii^ Si inn i' .nui i] ii \rr.iiis rii«i.iin .11 1 in- n-mi-iie Mi-umii.ii insnum- in 

Geneva. Ii is used In snlvc si i.=ni i (lr |)uliilr.il .mil i-i DTiDniii pmhletns that contain 
,i ti implex, -ii i iiv ui'impiii I. ml f',i..-i!iis.' ■ ■.-.hi' li rn.iy imnk.- in.iiis sl.ikehildeis.- [t 
has lifted been used, especially Iiv lesean hers In Middle fasl ami Far Easl . In Inves- 

lir.il- |h| i il ili-ii is ill ^(1 iri -;;|, ■ | I ■ i| |i| ^1 |',i n 1 1 i|. I- 

First, a DEMATEL researcher iraisl iclenllfv .mill liisslfuhi- ki-v concepts or the nmsl 
Influential factors In a ijlvui sys n In a [hu ll ulai ansmf research 

Second, all factors are |i1 d inn i a juir wise, dins I Inline urn" comparison IH.il rH 

and pnurltlicd Lis I licit level iiflnfliic un I In- nil mi fai lias In tlm system zero, or 

-no Influence," la frjur.or "very high influence." The matrix Isolates all of the factors 
vvl I hi n the system, as well as their one-to-one re lal kinships."' II displays Ihe level of 
in Hue nee that each far Mr exec Is un every ulher farter in the system, and provides a 
■ li-.n uukinpnl allein.iims li\ inlkicnie level" 1 

Tilled, die influencing lack is 'ire di pk I'll iiki ' 'L'.i:.'il I:id|j ilnifiiuul that graphically 
displays how each factor exerts pressure on and receives pressure from, all oilier 
factors in the system, in; ln.lin« ihe stie.n<;1h of™ h inllu.'in-e relationship. 





pear elsewhere in seconds. 

Denial ol Service (l)nS) . I ho simple strmonv bc-hind a DoS attack is to deny the 
use of data or a comput.-r ii'soiir-:- In j f.UniiijIc user.. The must common [attic 
is [ij Hood tile lintel v illi sn uiuia Mi;i:!lunu- :k:li- ::ul II cannot respond ru real 
IV||\1,'-I- l::i -.1 -ivii rs nr L:ll.iini:ei::ll. Tn:la\ I 'I: n lull. 1 1 r(! I'"" II: |'.:i i- - --- 1 r 1 1 ■ ;.|1V,.|1' 

withmassiveDistrihnie[IJJiiS([)[)oS) resnaivvsanil a hioji M of anonymity. Other 




because legitimate users (human nr Miiirliinol ma\ make subsequent critical docl- 
sions based on ma lit ioir.h al>:-.'d ml. nniawm. Sin 1 1 ail, i. ks inline from website de- 
facement, which Is often [■■']. 'iii'd In as ■i'lei-mimc siallih." Inn which can still carry 
propaganda or dl si 1 1 for in hi to Hi.- cm inpin n nHidvain til weapons orcommand- 

InlYnslriirtiire manipulation Mai al critical liifrasuiicnires are, like everything 

else, increasingly i-unnei. tetl to the Inicrnei. llmu-n-i I hi airse instant response may 
hi- hi [nil i 1 1, anil hssis lared lianlAaic c-nuM ll.iv insulin n'lii e tjiii] njl I nsj lesniin 
security may not he ioIiiim Pi i i i li.-t iih h h- 1 1 iH nfiasi i in line i nuld require Instant or 
automatic response, soil may In- nnii-allsilc lnripn i ilia: a human wijuld he avail- 
able In com in with every ((nmnai-.il [lie iriuaslnn line is given." 1 

Complicating mailers is I he rai l [liar mosl ( ililcal lull a-.no: lines av in p::\ali- 
hands. Internet SeiHie Fio\ideis HSI'j fn evimpli . .illy lease communication 
lines to govern ti tent as well as in i run uu Trial ruliiles and It is not uncommon for 



Cuminon Vulnerabilities 



!]-ii:v\i"i':i!:.. The iLOl]'.; : v ■ p: : : '. . j i I i luil' I ■ ■il.":-]v luii-s. I hi- di: 1 ^''.''' (it 
,\]|H]>illiT Imrkiiii; hps '.'i I In - l.i' l llml II rnrsv hi' nltnTip'rd lor :i I net km t,l liircrKt 
rind n-k ;.( iii.ur. nlln-i nil'iiMiiii I ini ■:■■:>: j i win <;: ir.i[:]|)iil-:nni s:r;fc;;ii ; : . 

AiH.riymiry. . :i III;.- ::icli:l ■ iuiriif 111.' 1 1 ir.': r:-:r oll'crsrvlHTijIliicl.crs iL hijjji 

dep,n.'e (il anonviimy ^]iii,:L I:;;; k'.'is [■um- [liur ar. [ill ks []i:imi^I] uiunlii'.'i vvuli 
xi !■ i; !!].■ Yi: Inn - ;;'i'..'i i]:i].T]- I !;i\ p. n . !,:.!i >:ii;ii II I ill: ,!• I - :] : .'jlli .in nil ■|]r 
m-ipcralion. K,n siirrcssfuli vl)c:-Lrivcs1ij>r]IL()iisi]fu--n Irad nrilv luarml Iut tuvkni 

f!>IH]>llliT. .1 t'J TIJLU'IllS Willi! fillT lllC |!] (H|!I'( T dl l(KillJ> il (lln'l (Ollllnl .'. Il 1 1' Hi! 

even knowing the Identic of their adversary. 

■ ■■ ■ In.-i !■■ .1 ir. ^.killsai-eofniarglnalhelplncyberwarfareandillsdHIi 

cull in u-Nihi pn-Mi ■] '.i ilii m.ntut.il II' I it h:n. ; ; l ,..p Cli.iMi-nriiti;i l r.ni|,Klci 

inveslijjalioiis are fuc tlu i -unpin aii-il l>\ lla- irm'riiiiiicriiil rinlnre of the Internet. 
Morvwer. in llif ihnp n] slHli' .])ii]i.nii'il i u»'i-ii[nTiHLims. lif.'.- i-iiPiici'inem roan 



■;n Yulii<-!jl.i]i;i.'5 .iii.I L-.\:. I.L:.i; 1 1.- r.LL - L.;i:. ::.il \r.n. lLLIp::./cv[\]Li[lrc.or|:.. 



Cyber Attack Calegorie.s 



Con Merit la Illy . This i-tk-i n iq i;is>>< s any i eliim i/ed aciiuninun of information 

including aurrfplltjims , u:il]"n- ;iiinlysis," in whie li .in -imsh ker Infers conimunlca 

i inn mill mi I merely liy ulisei vmi;',i niininin iun pnirnn,. Rer a use global network 

connectivity is current k well .diead ul' ^li.hal m-uvnii, -,1-i-uniy. It can be easy fur 
lm kns in sieal h in .mi' niiiKiil irifdrmaUim. 

("yl)Hrl-ii.iiiMii,iiiil,vliHi imiCiiH nny -nil IIh In i mi i'liUne. I ml hv ait- already liv. 
lily 111 a Gulden Age nl i y I™ ■! I'spmiMgf Tin' iiinsi fammiv case in dale li "GlmslNel," 
Investigated by fllfiimulfiiii lUiifiri- Almiliu in 11I1I1 h a i vber espionage network 

of over LOOOcoilipnirniserleumiiuleis in inn • lilies laiijeleil dlpluliialic. giolili- 

cal. ecimmnic, dinl nilbiary information. - '' 

sourccssnrh as'a d;iial . ■■■■ hn'ii SIta kSi in involve Ule sabotage' of daia for 
iiiniln.il ]iullili ii! or military purposes. 

Cyber criminals have em lypleil drilii un a lirlini's li.inl drive anil I hen demanded 
a ransom payment In enctiange for the decryption key. Governments Ibal censor 
Coogk' results return part. Inn mil -ill uf 1 1n- van li i-iijj;I iw-'s suggestions In an end 



Availability . The goal here is to preyed authorised users from gaining access to the 
systems or data lliey require to perform cerlain tasks. This Is commonly referred 
to as a denial of service (DoS) and cncoinpasses a wide range of inalware. network 
traflic. or physical all lu ksoii Kimpiiteis d.=l.-iUin;:. ami ilj- nel works that conned 



In 2001. "Maliaflny." a l;i year-old sunirnl I'rnui Mom real conducted a successful 
DoS attack against someol I he v.oi Id's IniyjeM niiliin- 1 ouip.inies. likely causing over 
SI billion In financial damage. 1 '- In 2007. Syrian air defense was reportedly dis- 
abled by a cyber attack moments before the Israeli air force demolished an alleged 




Si rategic Cyber Attack Targets 



CylKTJL^^cirMrjlL'HlL ^RTUncjiiLt'ckinotcHxurL-vm ttiy In Kiel Ills llkflv lliiil 

ill" M I 1 is] |H hM'l till 1 \ hl'l' Ui SI] " 'IIS I lim |l" SH' i '< I 1 1 Y I 111 ll I - L - ,| | |i ] 1 1 lh l('l L i I'^l-I I 

Some war tactics will i hiiiiLy in nnli'i In nn i mm Inr I Ili ■ iiiiiijiie nature of cvher 
■ifj.n-i- .mi I (ur 1 1n ■ I j [rii |hhm'i r i r t vlii-i wjiT.iiv bin In illinium rjuloritfar- Vic 
wiy - will ritil l]i.iii;;i-. As in |iiiil w.u-. Jim] lis Willi ultn-i n |n-s nf iii>|;rtsslun, lliert 
are IWuhruaci calcimines ii[slrnlcj;ii lar^els [hill i\ her nll.ukcri will sinke. 

Mililiiiv linies . liu- fir si iiilrj;nr\ ill ivlirr ill [a l-.s wn'.ilil lit' iiiinlin led as parted 
,i bi.iiiiler etlnil In ifiSiihle I In- aihvrsHi y's iM-ii|iuiu\ ilnil In ilisrnjil ml II liny lunl- 
niand ami con I ml (C2) ^StBfllS, 

ic.nn l-m ii im-i !<lli<il FliylUc Kin mi l Tin ■ slmulal Ion was a sirred. As J..ims Ail 
aire, w-nile In Fi» ,'ign AMitn linns live ^ili.iii.il Sn mill A|;ein \ (MSAI |icrMiiinel 

[nisi 1 1;; .is [in Ih Is mi hut kiTS nscii ii larirly [if winliliil iiiLiriiinUnii war 

r.ne tailiES In inF"-| llie inn cinmi il inn I (inn mi syni.-in Willi ;-. [uniiK/lnii 

ondown.couklhelieveanylrung.-'' 

In 2t!flN, unknown liai kcrs timkc Iran a wkin range of [Ml rumpiilcr.v Including a 
■highly pmtwied classified neiwnrk/ <if Ccmr.il nunnnnil (( I Ni('OM). Iheoigaril 
/.iliiin wlili li iiLin.ijf lnilli wars in which 111- I'.S is miw cii)[,i|!i-r.l Tin- P.-iii.ijih ii l 

Whs .sn nl, eil In III" .illiirk lliiil rh.iliin.in nl' llu- Iniiit rhii-l's Hli ln-I Mnlli-ii 

|iri sunnily hi irfi-il Pn-sii[i-ii[ linsli ..ii 1 1 ir- inr.-ident.*™' 

In Ihe event nf f e w.n lieiwt-e ..Jin null Jinweiv Ii is wim- In assume lllnl 

111.- nhnte-iileiuimieil iiil.ii ks wuulil |n1e in i . .|ii|-,nis,in In liie sii|ilnstir.ilnin anil 
-ii iil- nrr ylier ini ils .inii mi l Ii s i Inn B «ei miii-ins m.iy I mid in leservf for a llnieo[ 

■ ■ ■■ Hi ■ ■- I .in :i.l..-n iii in.- Hi- -i in mi inlejimv uli \ln-r .ill.nks wniild 

liiijjr lln-nilversaiy's.iliilliy mid iv.|lll[i;jiu-ss In winy wai Irn an i-Mi-nrieil |i,-r:r,diif 
liiiie Tin- liiijii-K win il i likely im Imli- .in .ulveis-iil s Imam nil seelnr Inilusliy. niiii 
national morale. 



coiinecllvily contimnr Im-i is hit lii.u ivmriiinj; in |i-'H.iikI paper is no! an option. I[ 
iliere is ii I- Mdi in; cmi-htl! in I i! snlini min i he cyber attack problem, a reason- 
able argument can be mad- for [nler.iel Pioloeol version (i (irvfi). which is replaclna 
IPv4 as the "language" ofrhe Internet. The Pi-si benefit ol IPv6 is Lhal il instantly 
solves the world's sin': 1;!.l-c :l cixnpirci adihvsses. ■ I lo.vevcr. ils chief security 
enhancement niandnln; ■. :.i:pp:;[", l':r lnle[::el i'r iUnol :-.ci:riry (IPSec) is in fact 
an optional leaUnt- [hat rn.i' ml be 'Y:<le^ used !:■[■ n'asuns of convenience. Fur 
thermore. dining [lie [on;- lrnusiuiiii jiliair ahead ilii'ie will lie an increased "attack 
surface" as hackers e\p!<-i: i nji.-n-.l-iinlrs In I: I lr l.nii:ii,i;;--s al 

Miliiarv iliiilrini Cylii-isi-.n - ■ is .1 in iv a;i i fan- diMiniii. Ill which computers are 
both a weapon and a target. Future mil ii an concepts and doctrine must find a way- 
most influential mi Ii tar treal tory.Sun IzusArtof War. which Is renowned 

for Its flexibility and adnptabilitv m new means and method? olwar, has great dif- 
ficulty subsuming many ..si.,, is n:' ■ vIm i ivarl.ii" rhe anilnn described ten dls-titic 
tlve characteristics of tlieivbei liailleuelil none of which fils easily into SunTzus 
paradigm 



Deleni-nce : Thcic arc imiK" l-M-delci hi;; i- shaic-ncs available lo rn I ion -stales: de- 
nial of a [In ca[e[in:u. [c:h[:<>:ije.- ic.L-. ii;i: ii ai v .-.'.:;■■ 1 1:. I ,■::: p:;i:: ,:u:i ■:.:. '.'.':[:. . ':ci 




high attack asymmetry in cyljeispai e nnili-imiiii- 1 lie i leil ihi lily of deterrence. Fur- 
ther, they creale prolilcinali: .!-■( lr :iial-|iii-sli.nisli;[ miliiarv mles nf engagement.'" 



Anns Con I nil : In tin- future, ivixil 1,-aileis mav in -si; it i.iit- an international treaty 
on the use of cvber weapons. I inv.. w i. ui i us coiiirol relies on (wo principles that 
are no: casv tc applv in ■ vl-: rsp.i.-c p: l.i:in::i L acd ;:ispraion. First, it is difficult 

in piiillil'it si thine lhal r- :L.l!il :i> :!i I 111- ■ su' h as mall is .rode. And even ill .1 

malware-free organization, hackers are adept at using legitimate paths in network 
access, such as by guessm-- m si.-ahng im.sv.oh1. Srtiuul. it Is hartl to Inspect 
something that Is dirfirnli lin ounl: a USti Flash drive now holds up lo Z5G GB or 




10. KEY FINDINGS 



The author Will t'rnplnv l!ic UK MATH. tucT hci> I m an;ih/r> I he Iwo most imporlanl 

■ In undorslnnd him I lie kr\ miiii'jpK in ilils limit Hull individually am! ral 
egorirall), lullueuce are another; 

■ lo uncteniliind lln J exieni m wliifh ihc svmi-iii ina\ he runlrnltaljle; and 

■ to prltirHl£P (In- in ir 1^.11 mil mi in iji^. Ii ii 1 1 ■ ■■ Mini ni.ikpis according In I heir 

I 111]' Ml ilil' III.'; llh- I ' li"l .ill." I' .11!' iillMl'yl .1:11 1 ::n [■! .'.I11M K llii 1 Mil". 

the jysidiuirsuairgir i >hrr mi udiy as a lyliole. 

The "Expert Knowledge" Matrix 

Main* X, depicted in Fir. :"> is :i IJFMA'l'Kl h.p.'N knik'. \- <\yj' iiiUnonromalrill thai 
Juxtaposes the- cytaer aiinrl. iiilvinii.i i; .'-i ami 11 mi ij.;,ii inn siiiii,yii>s acrurdlnR lu their 



in this book and on tho .wihoir. iiidsmeui a;- .1 :iub|fii m u it r on port with ovor ton 
years working as a rvlr r inn INci anon .'v. ili'i.iT"! :it I l"n:- Lid l"sl ri i | _ i 1 1 m. 
.liuhir Ii.ti published I" ri [.-".'ir-wi.l ri vj iiMfi:i .^n;iiiniii<i .iiiil ■ ■vn.luaiing I ho oiliiMoy 

ensure that must if mil .ill ilk- \ mi.iHiv. will i h.iiige over time. 

The reader is I hus encouraged tn tailor the mat™ to his or her needs and in ag 
Rregalc or disagree, i:c indmdinl iiillupr.i !■■ firuirs lur 111010 Roncral or for mare 
specific research goals. 



.hv i^ulls jii> limgutg b II r :!>■ Ilglnsl j ni rat-hit .» Itiis sif in II 

gaucr s'ra:e£es ; Ins aapezn itogtal. bj: a ckBet oak rcvrah win ; 1e moil 
inlucrxr-J lactur in Matrix A deterrence is a punty jiyticlcgcal ccnd tton. 
NgMv rirpmrlr^i on human pMotpnMMdcMmoK, thai I M iff surpnsrg hat 

1* :oi it :1VJ » NCk li pvM let M0)Q|] fiid *tn(c*» li«J !<j hutll Id! inhi 10 a 
lai :csscf Cegiee 

Unlo-iunaTi fci Mirr ^h-fpnv im I.m ilmi ih„i ctir- a- lack .Twin ages MM 
r.rlv hair a -inhPi tl rprl nflm-ntr tCOK Itm* the Mt0M» MOM& tl Si.i hal 
:.ies area wimne rwsa::t Ic outside I nllumre laB»T the- tr.nR.illun mibipru.1 
have an average scute nf 22, i rmipari-rl lipjuM fur llie advantages. IPvG scores 
«HI. hut 1 1n- oilrr iliree Mraiegies do not. 

Our way lu Interpret fig 7 Is In view llie ■suacepllbillty id Influante" score hi a 
measure or a factor's reliability, as well as the confidence that a decision maker 
rou lil place in II. Tin h.i yln-r.iiiiii lees .in- abfi- ic i.'lvuii ilii'ir advantages In a much 

J'liMtel di-HU.- 1 1 \ljfl ililt-liiti-l'. c Hi m Ill .III. n k ij;,l!iiiri «IMIi- 

giev ,-M i lii.-. point in lime. Iliree examined strategies - delerTenre. dnrlrlne. ami 
arms rottlral - uiv oMulmiu^, bdp in \ ber defense. 

Perhaps even more omlimuslv. tin- lv.ii musl influential cvber attack advantages 
- anonymity and IT vulnerabilities - are also the two most difficult cyber attack ad- 
vantages ltj Influence Thui. Illry irw [liiiiiTilieiiH-K iblluull rdialldngrs for cyber 




Influence It projects (n ihanth ■■ to the s) Mem, thus, as "anonymity" Lb the 

most influential factor in Malnx A". 11 has Ilk' [laikesl coloi ol all factors In Fid, 3. 
Anonymity impacls ahim-i :>v..iy or I if! liii.mr in ihe \tsii-in n 1 hie highest possible 



Two feclani. deterre iii-h and anus unit ml ir-iiunn while because lliey da nut alfecl 

A', in Mb. G. and in this diagram l> bcr .mat k dcurtvnre. in particular. Is dominated 
by four other. hiflh imparl tailors, milking it (In- mosl susreptible of all factors lo 
outside Influence, and the l.'asl tillable miliealiiiu Mralet.\ fnr strategic cyber de 



aspeel of lip IWHldWtmil<|lllHI»WII 

;il received, while nlllcrs have rev. Aftci 
and inadci]uali.' I cber defense each have 
ups with oilier lactors. This allows them 

way. Ibe resultant impact on tlie system 



Calculating Indirect Inllueiice 

A close analysis cil tlieiausal limp due, abniv leveals i bat each Tac tor not only 

liasatllrecilnlluenceouen.'i voihei-liii tiii LiiiliesyMi-iiL Inn that It also lias InclLrecl 
or transitive Influenres mi ibi' uiIht hu nus I'veiiliially. eu>i> lartorln thesyslem 
will men iiifluencp llwlf. 

Fift 3 below tlepirls Iht' dvnaiiui nf ii»[in-i l influence ai work. 






Second. Matrix Dlslra[i 1 kjiim-tl]]inj-];...tul]rii[ijL-iicu-Mairix i. in which DEMATEL 
illiiMnindinllE. II. 




standing nr llr iwurv uTlhi- svsicm lndin-ri InllmTircs an- -ferduarri" inlli 
uliii h allow i-m li f.n lur In i[ilUieiin?en-vj ulliir l.u lurni llie system, and ove 
hi I nllni' iii ■ e even Itself. 





Analyzing Total Influence 




The «>iiit>1n«i dlrprl arnl Indlrtvi "lnMl inflni'iii •■" > aliulatlnu yields an alternative 
ranking of thi- fai wrs . line. iIiciijji Run are I In- s.iiih- r.n inrs Idi'iitifiru In Mir causal 
limp diagram as having ilu- lili;tirsi immln'v al very i nfl lh tiiiiiI r^lsclnnshlps Willi 
mlifrr.n lurs reHiinllessurvJii'lliei |]i>- iiillii-rn r vi.i- yy.r ■!■.--,[ 

Anonymity Is still I lw most Important factur In I fie system. However, the addition uf 

llllll II- I 1 HflLH I IE f >. lICIIIllclMlllMf..! I. I|S ||| 111.' llSl. [ |l'l|l|,|ll'l \l),'| lllfniW 

ami military doctrlm- snrpassi-d IT vulnerabilities in id asymmetry in Importance 
(compared 1c Fiji- Ci). while deii-m-nee ami aim- Hint ml joined Influence HI Ihf ex- 
IH-nsei if win- suae ;« n us anil IPvG. 

The flrwl slep uf Ihls DEM ATE L analysis subtracts tile Indirecl Influences from Die 
direr! hiHut'iK'L'ii I n Fig, 12 lu citato a final normalized lotal Influence Index, v.hlcfi 
Is shown In Fig. 13. 





Kpiiip N. Cyhpr AtbKt AtfvHntHgn Summary 

i.iii I i! .<n'. .mi in', ii ii .nil II i '.i in. i. I'M iii" : rli-.; iliii. I ji 1. 1 I' n ii i!i ii ■ ■ I 

attack advantages. iiiiiKiiv :nyi m ir|.:-.-|i.;i. :c- Ix i rkkii^" Non stale actors re 
reueda negative- overall score in (he lin.il in**, which indicates thai Ihisroncept is 
a net receiver, ami noi pi' ivnM. i il' milium c in 1 1 ^ysr.- in i if st ralegic cyber security 

The movement nf ihe tnlllgallnn siralegles (n ihe final lntk'< Is mtrh morn striking 
Fig. 15 reveals thai all four strategies muved In tlr list especially IPv6. Willi II was 




Following lilt Hiwl DEMATEI. -mini inJliipm.e" i-iilnilarion. IPv6 rose to Hie thlrd- 
hlutiesl factor in slralHjji. r yi.ni vi uriiy. Milml i;nK Hiniriyiiiily ami IT vulner- 
Ibllllll. Fig. IG summarl*es Mu? factor rankings, before and a tor Dm inclusion or 
MdMd Influence scoring. 




This research suggesls lrial IPvG I™ tlie poNMM HI he a more Influential farlor 
In MiaiL'gic cyher security than three cunvnl cyber mark advantages, (minding 
.iv. riirn.'liy ;m<! liiiirV<|u,ik- i \ l.i-r il-'H-nv Tin-. ii-miII is l lie im.M sliinll'n mil ivvi-ti- 
thmiti IhttttddjC 

DEMATHL analysis highlights Ewo povwrhil IPv6 (trtl ■ ■■■ FliW, IPv6 Is extremely 
Second. IPvli infhiHiu". i In- sinuV m ikhwiTiiI cvliei .iri.« k advantage anonym- 



ity. at a "very high* level. I lieie tai-lucs lombini'. via uidiied influence, calculations, 
to radiate the Impact of lh!j lhix.iifilni-.il the svsic-m and In magnify its importance 

Thus, for derision m.-ikei-.'L. iln^ rese.iirh M[m>c;,is i Ini II Mi 1% currently the single 
rnuLil eltieiem wu\ la ilIi.lml.c- III. ll' riLinnos ..■[ MiLir-.'.'!-- l -.'jct LLecuriiy In favor ol 

tvber defense. 

Fig. 17 is a modified carnal lata dinsiaiiL which ipei-iticailv highlights the slgnifi 
cant influence re lollop hip between ll'vi.i nnd the rem of the system. 




Fiffir* 17. t'.niM.I I i.i-p liniir.iiii II': i. L^ynlrm [mpncL 

All three ol her mfllgAliiin MiLili'gie\ i« elverl in-gnliM- viuvsin I he final I riles (Fig. 

tern, The second placu mitigation slralegy Is the application or the wirld's lies! mili- 
tary doctrine. An offl'tir. rm.vlii.-r nniliu i.Ii h iln- unlv mlier mil [gat ion strategy In 
finish ahead of even one ivhii ami II .iihuiiMgr. Cylu-i hitiis i-nnlrolanddelerrence 
reiLiLihi.il Mil' lull linn (i( I hi' Iim. fur ii'iwnlM iti'd earlier in this book, 

In sum maty this aiiabsi-. suggeM.s ih.n. nm heyuml iln lour cyber attack mlilga 
Hon strategics evaluated In I he , nil Inn. tin. i:-i i.iki.-L :.; i mid piiorltijo their Invest- 
ment In other millg.nl I nil ilr-megies hy cucgrnv. iirmrrtiiig in lire following formula. 



V. CONCLUSION 



11. RESEARCH CONTRIBUTIONS 



The ttaluie of a scan ir. Much h.e. ilim ■ hiii;;^-!!. but th<- htici net pru'.idcs a new 
delivery mechanism ili.ii i .m in le.ise l hir spe'il. s. ale. and |.n>Atf r or mi attar k. 
National erllleal Infrasl inclines are rnirt ,11 risk ■ mil only liming war. bill also In 
ilmesof peace. Asa ru]is..-L[iici re ill Inline | <jhiie.il and inditary conflicts will liave 

World traders must .-ldrti.-s'-. ih. ihre.ii N ^r.ii'-^ir cvlicr ran.ks v.lth strntcDjr re 
kck adnpl In miligalc I lie c\ liir all ark lhrr.il: ilclcnrni.r. 



Hie world's- best military doctrine. An of Waj: is "lore lielr.ru] than tile ilfst tv 
strategies, hut iheieare at least leu dislmeilve aspei is uf the cyber battlefield, not 
of which tils easily into SunTzuS paradigm. 



thai aiming Hip Iniirrx In.il inili;'.,!hi>ii si laicises. tP:C, IMlic most likely In have 

simple rca ran is that It run reduce the m. I rillnenti, it ailvan[ni>c of a cyber attacker, 
anonvrnity. and It does sli Allli a higher i:i^ne el rcl::i-.'iiir. than the other factors 



tarlr'is in Mrateejr cvbc-i srTi.irlt\'. 

[ItMATEL pmvirirda «□>■ In analyze the fourpmpnsed mitigation strategies with 
scientific rigor. It calculated ipucLtii: lewis nl ii.tlucncc tor each key concept Ideiili 
Ke4 and it created a causal loop duer'ni cd fjtt «inm thoj eOMprlsa, t-iualiv. il 
cake bled [lie nio^l etln ;cut v.e\ aiue-iii; ll.i j ■ . n l li ..iL'.-l::l l. m L|uestlon to reduce 
ill" llili'.n .1; -,l r.if air . ;hri attack. 

■ an argument lti.il 1 oniputer ti ninl\ n. v.ih. I'd 1'miti .1 H'l h nlr.nl discipline 

■ the evaLualLrm nf lijm hslim I ■, 1 1 , 1 [ . -y i .. ■ apjim.ii lie* In mitigate tflecytier at- 
tack threat am I ii - ini|ii :i'.' L , 1 k u I' 1 \ li'.-i" rlil-.-nyi' posture; 

• llieuseofthe Derision Making Trialaiiil F.ialiia I abortion (DEMATEU 10 

analyze this houkskey mnrepK and 

cyber defense strategies. 

Suggestions for Future Research 

The DEMAIEL method has helped to clarify ihe landscape of strategic cyber secu- 
rity. The autlior bclieyes that DtMATEL cuuld also he uled to examine oilier uut 
standing problems related to evber security, liere arc three possibilities 

(f.ii a i.ybt.-i attack he nil a< 1 of war'' 1 1 1 ■ - c I ■ . nanar nai 111 c ot cyberspace makes it 

appniacli .seems inevilnlilo: il the level ot Iiiiumii sullen ug or economic damage is 
liiidi enough, national !■ Lidei:-. v.ill icuiliLit:. I In-, applies i."jlli to govern 11 lent and 
private sector crilica I nil i.iir in. tun '.. ,\ lev 'hall'' ne. 1 ' lar n.v.kaial serums' planners 
is thai the hacker liiols and ti ( lni:qu,-; 1 1 qi 11 r< il lorcvhrr espionage are often the 
same as for cyber attack.- I lie dilleieuce lis in inomalion: does the hacker desire 
merely to steal InforntaUon, or is the attacka prelude to war? 

:. .mi v..' sal'.e '.lie ullribution |irolik-m 1 : :u i:" h:°i I : . . . 1 ..■ Li ill- 1 1 . 1 ! 1 :. " . 1 : : M 
maze like architecture ni the liiienic 1.-, rnnriuri anoii'- nioa; or deniable cyber at 




"lilt .111.1. K .C\A> 



govern mciu has poor diplomatic relations or nn la.v c-iilnitcnicnt cooperation and 
eyhcrinvos ligations ly|ii:alk end .11 a h::r-i;i [I .ill. indniird ( ompiitcr, where the trail 
epescold.Thisdyriaimt iT[;-:iui:j<;cs "l;ilsi da^f'.ais; oaciation^ where the attacker 
Tries to pin The Illume on li [linii par.v mid •. illiI-js liii ciiviroiuiicm m ivhicli oven 
Terrorists can rind a home on the liiTrrno:. ■ s.-.'.vni^ the nitnhuioi", proNcm ■.•ill 
rrtiuire hnrirmni/inj! cvlx r crime law;, inipmnne. r-.ber ;ielotise mc.Ihnds. and gen- 
'.'[■Ljlnifc; 111/ pjlilical 'il.j' 1 1 ■ • ■■ hi \:»: .inn LalellisicriLe. 



ill liairl'vare and soil'.vare. ' impr. [ eriai rnat:r e mctrh s h .r detoiise smttoeio^ 
and the ahillly In realistically innU I I hi- hacker 1 1 mill a, a laboratory. Because ii is 
impossible lei eliminate alt malicious imle Inini a uenuak. cyber defenders need 
heller ways [o neinra]]/e uhal Ihc, rarmol iind. tiovcrnnicuK cuuld alsc. ret|uire 
Internet Service Pruvidcrs (ISP) iopla\ a nirne hehii'ul rule m preventing the spread 
of malware. 
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